Full Disclosure mailing list archives
Re: format strings vulns in /bin/login and /usr/bin/passwd
From: flatline <flatline () blackhat nl>
Date: Mon, 27 Jan 2003 01:54:00 +0100
At 05:41 PM 26-01-2003 -0600, you wrote:
>There is also a few other on other programs but i thought these 2 would be most important since passwd >is suid and login could be exploited remotly. I am not very experianced in format strings any >help/commets would be great. Would these be able to get exploited?i'm not sure what utility you used to find those "vulns", but i think that author should have his head examined, or perhaps you're just too ignorant to know how to properly work it. there are *no* format string vulnerabilities in the files you reported. the lack of a format specifier does *not* implicate bad code. printf("you are dumb"); is perfectly legal ..
Ugh. Let me translate this into adult for you.
UGH. they are not exploitable because *THEY ARE NOT BUGS*
"No, I don't believe they are exploitable." m5x _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: format strings vulns in /bin/login and /usr/bin/passwd flatline (Jan 26)
- Re: format strings vulns in /bin/login and /usr/bin/passwd madsaxon (Jan 26)
- Re: format strings vulns in /bin/login and /usr/bin/passwd flatline (Jan 27)
- Re: format strings vulns in /bin/login and /usr/bin/passwd madsaxon (Jan 26)