Bugtraq mailing list archives
format string vulnerability in mars_nwe 0.99pl19
From: Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>
Date: Fri, 26 Jan 2001 22:55:19 +0100
Hello, Mars_nwe 0.99.pl19 is vulnerable to remote format string vulnerability, allowing to gain superuser privileges from DOS/Windows workstations attached to mars server. Here is the patch: --- tools.c.orig Fri Jan 26 22:46:34 2001 +++ tools.c Fri Jan 26 22:46:59 2001 @@ -189,7 +189,7 @@ sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence); openlog(identstr, LOG_CONS, LOG_DAEMON); - syslog(LOG_DEBUG, buf); + syslog(LOG_DEBUG, "%s", buf); closelog(); } else { int l=strlen(buf); @@ -249,7 +249,7 @@ } sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence); openlog(identstr, LOG_CONS, LOG_DAEMON); - syslog(prio, buf); + syslog(prio, "%s", buf); closelog(); if (!mode) return; lologfile=stderr; -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw () frasunek com ** PGP: D48684904685DF43EA93AFA13BE170BF *
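Review bot: In the @@ -189,7 hunk, the context line just above the fix, sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence);, still writes into identstr with no length bound, and neither the size of identstr nor the maximum length of get_debstr(0) is visible in this hunk. The "%s" change to syslog() is the right fix for the format string itself. While touching this function, consider snprintf() bounded by the size of identstr so the ident string cannot overrun its buffer.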
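Review bot: In the @@ -249,7 hunk, the sprintf/openlog/syslog/closelog sequence is a copy of the one fixed in the @@ -189,7 hunk, so the same bug had to be fixed twice. Moving the sequence into one helper that takes the priority and the message would leave a single syslog(prio, "%s", buf) call to audit. After closelog() this path continues with if (!mode) return; lologfile=stderr;, so buf is presumably also written to a file stream below the visible lines. Please confirm that call passes buf as an argument and not as the format string.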