Bugtraq mailing list archives
RWhoisd remote format string vulnerability
From: root <root () cow net>
Date: Thu, 25 Oct 2001 19:23:53 +0200 (IST)
Hello, there is a serious bug in RWhoisd by NSI on all versions. It is possible for a user to supply the format string passed to print_error() simply by using the "-soa" directive. The results are obvious: we can write almost anywhere in the proc's memory, thus executing code as the user running rwhoisd (usually rwhoisd, but can easily become root if rwhoisd.conf is writeable).
Attachment:
gen.c
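The bug class reported above, shown from the fixing side as an added example (not code from the post, from gen.c, or from rwhoisd): a constant format string keeps client text as data, and a small helper flags conversion specifiers in logged directive arguments. `report_error`, `report_bad_directive` and `has_format_directive` are hypothetical names, since the real `print_error()` signature is not shown in the post.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic error reporter (assumption: the
 * real print_error() is printf-like). The format attribute lets GCC and
 * Clang warn on non-literal formats with -Wformat -Wformat-security. */
__attribute__((format(printf, 3, 4)))
static int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern, left as a comment so it is never executed:
 *     report_error(out, outlen, client_arg);
 * The client-controlled string is interpreted as the format. */

/* Hardened pattern: constant format, client text passed only as data. */
int report_bad_directive(char *out, size_t outlen, const char *client_arg)
{
    return report_error(out, outlen, "error: invalid argument: %s", client_arg);
}

/* Log-review helper: returns 1 if the text contains a '%' that starts a
 * conversion (anything other than the literal "%%"), else 0. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    const char *sample = "%x%x%n"; /* constructed directive argument */
    report_bad_directive(buf, sizeof buf, sample);
    printf("%s (suspicious=%d)\n", buf, has_format_directive(sample));
    return 0;
}
```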