format string vulnerability in mars_nwe 0.99pl19

[Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>]

Hello,

Mars_nwe 0.99.pl19 is vulnerable to remote format string vulnerability,
allowing to gain superuser privileges from DOS/Windows workstations
attached to mars server.

Here is the patch:


--- tools.c.orig        Fri Jan 26 22:46:34 2001
+++ tools.c     Fri Jan 26 22:46:59 2001
@@ -189,7 +189,7 @@
         sprintf(identstr, "%s %d %3d", get_debstr(0),
                            act_connection, act_ncpsequence);
         openlog(identstr, LOG_CONS, LOG_DAEMON);
-        syslog(LOG_DEBUG, buf);
+        syslog(LOG_DEBUG, "%s", buf);
         closelog();
       } else {
         int l=strlen(buf);
@@ -249,7 +249,7 @@
     }
     sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence);
     openlog(identstr, LOG_CONS, LOG_DAEMON);
-    syslog(prio, buf);
+    syslog(prio, "%s", buf);
     closelog();
     if (!mode) return;
     lologfile=stderr;

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw () frasunek com ** PGP: D48684904685DF43EA93AFA13BE170BF *