Full Disclosure mailing list archives
formatfun
From: kcope <kingcope () gmx net>
Date: Fri, 24 Mar 2006 17:51:04 +0100
Hello,

mod_ssl: /httpd-2.0.48/modules/ssl/ssl_engine_kernel.c (also in 2.0.55)
proto: ap_log_error(const char *file, int line, int level, apr_status_t status, const server_rec *s, const char *fmt, ...)
code: ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, buff);
is this exploitable?

sendmail 8.13.5: sendmail-8.13.5/sendmail/main.c
proto: sm_setproctitle(bool status, ENVELOPE *e, const char *fmt, ...)
code: sm_setproctitle(true, CurEnv, qtype);
_NOT_ exploitable because sendmail DROPS PRIVILEGES! mailqueue anyone?

openssh-4.0p1:
file: openssh-4.0p1/openssh-4.0p1/auth1.c
proto: packet_disconnect(const char *fmt, ...)
code: packet_disconnect(msg);
i guess that's not exploitable since msg is not user supplied.

any pointers from the list?

- kcope
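Added example, not part of kcope's message and not code from any of the three projects: the call pattern listed above (a buffer passed in the fmt position) next to the corrected call with a constant "%s" format. The names log_msg, consumes_args, log_as_format and log_as_data are hypothetical and the sample string is constructed; the demo only formats input that fetches no variadic argument, so its behaviour stays defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical logger shaped like the quoted prototypes. The attribute lets
 * GCC/Clang check each call site (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Returns 1 if s, used as a format, would fetch a variadic argument,
 * i.e. it contains a '%' that is not part of a literal "%%". */
static int consumes_args(const char *s)
{
    for (; *s; s++)
        if (*s == '%' && *++s != '%') return 1;
    return 0;
}

/* Pattern quoted in the post: the data itself is the format string. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int log_as_format(char *out, size_t n, const char *data)
{
    if (consumes_args(data)) return -1;   /* keep this demo well-defined */
    return log_msg(out, n, data);
}
#pragma GCC diagnostic pop

/* Corrected call: constant format, data passed as an argument. */
static int log_as_data(char *out, size_t n, const char *data)
{
    return log_msg(out, n, "%s", data);
}

int main(void)
{
    char a[64], b[64];
    const char *sample = "queue 50%% full";   /* constructed input */
    log_as_format(a, sizeof a, sample);
    log_as_data(b, sizeof b, sample);
    printf("as format: %s\nas data:   %s\n", a, b);
}
```

The two outputs differ because the first call interprets the data as directives; removing the pragma lines shows the -Wformat-security warning that flags such call sites at build time.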