oss-sec mailing list archives
CVE request for Thunar (format string errors)
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 15 Apr 2011 15:54:08 +0200
Two format string errors were recently fixed in Thunar (file manager for Xfce). The first one is http://git.xfce.org/xfce/thunar/commit/?id=1d4dfafda30df071d7c1e0b370f0613cbc92ba74 (bug at https://bugzilla.xfce.org/show_bug.cgi?id=7128) fixed in Thunar 1.2.1) and triggers when creating file from templates and calling it with a format string. The second is http://git.xfce.org/xfce/thunar/commit/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa and is triggered when copy/pasting a file named from a format string. There's no released version including the fix right now. I've triggered the (second) bug using file named %s or %n but didn't really manage to exploit it (it crashes just fine). I'm not so sure it really needs a CVE so it's a request for discussion as well :) As a side note, I do use -Wformat -Wformat-security -Werror=format-security (thanks to hardening-includes) for my Debian builds, but as those function are wrappers of wrappers of wrappers to printf() and stuff like that, -Wformat-security won't help. Is there a way to work around that? Regards, -- Yves-Alexis
Current thread:
- CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
- Re: CVE request for Thunar (format string errors) Tomas Hoger (Apr 15)
- Re: CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
- Re: CVE request for Thunar (format string errors) Josh Bressers (Apr 18)
- Re: CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
- Re: CVE request for Thunar (format string errors) Tomas Hoger (Apr 15)