Full Disclosure mailing list archives
Re: format strings vulns in /bin/login and /usr/bin/passwd
From: madsaxon <madsaxon () direcway com>
Date: Sun, 26 Jan 2003 17:41:45 -0600
>There is also a few other on other programs but i thought these 2 would be most important since passwd >is suid and login could be exploited remotly. I am not very experianced in format strings any >help/commets would be great. Would these be able to get exploited?
i'm not sure what utility you used to find those "vulns", but i think that author should have his head examined, or perhaps you're just too ignorant to know how to properly work it. there are *no* format string vulnerabilities in the files you reported. the lack of a format specifier does *not* implicate bad code. printf("you are dumb"); is perfectly legal ..
Ugh. Let me translate this into adult for you. "No, I don't believe they are exploitable." m5x _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: format strings vulns in /bin/login and /usr/bin/passwd flatline (Jan 26)
- Re: format strings vulns in /bin/login and /usr/bin/passwd madsaxon (Jan 26)
- Re: format strings vulns in /bin/login and /usr/bin/passwd flatline (Jan 27)
- Re: format strings vulns in /bin/login and /usr/bin/passwd madsaxon (Jan 26)