oss-sec mailing list archives
Re: Nagios format string issues
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 6 Oct 2010 11:40:49 -0400 (EDT)
On Wed, 6 Oct 2010, Josh Bressers wrote:
> ----- "Oden Eriksson" <oeriksson () mandriva com> wrote:
>
>> Just checked the ones I fixed (in 2008/2009):
>>
>> $ rpm -qlp /SRPMS/contrib/release/*.rpm /SRPMS/main/release/*.rpm | grep format_not_a_string_literal_and_no_format_arguments | wc -l
>> 106
>>
>> So, at least 106 new CVE assignments there.
>
> It's probably not 106. Just because something isn't using format arguments doesn't mean it's a security flaw. Some subset of these probably could be considered security flaws though.

I agree. Closer inspection is necessary. Some of these variables could be hard-coded constants. Sounds like there could be a lot, though.
- Steve
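
Added illustration, not part of the original message and not code from any of the patched packages: the call pattern that the format_not_a_string_literal_and_no_format_arguments patches address, next to the patched form, showing why a hard-coded constant is harmless while a string containing '%' is not. All function names, BANNER and SAMPLE are constructed for this example; SAMPLE contains only "%%", so both calls stay well defined.

```c
#include <stdio.h>
#include <string.h>

/* Hard-coded constant: the compiler still warns, but no outside party controls it. */
static const char *const BANNER = "service check finished";
/* Constructed sample standing in for text that arrives from outside the program. */
static const char *const SAMPLE = "disk 95%% full";

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flagged pattern: s is the format string itself, with no format arguments. */
int render_as_format(char *out, size_t n, const char *s)
{
    return snprintf(out, n, s);
}
#pragma GCC diagnostic pop

/* Patched pattern: s is only data for a literal "%s" format. */
int render_as_data(char *out, size_t n, const char *s)
{
    return snprintf(out, n, "%s", s);
}

/* Triage helper: a string with no '%' renders identically either way. */
int contains_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    char buf[64];
    const char *inputs[] = { BANNER, SAMPLE };

    for (size_t i = 0; i < 2; i++) {
        printf("input      : %s\n", inputs[i]);
        printf("has '%%'    : %d\n", contains_directive(inputs[i]));
        render_as_format(buf, sizeof buf, inputs[i]);
        printf("as format  : %s\n", buf);
        render_as_data(buf, sizeof buf, inputs[i]);
        printf("as data    : %s\n\n", buf);
    }
    return 0;
}
```

For BANNER the two calls produce the same bytes, which is the "hard-coded constant" case; for SAMPLE the output differs, which is the property that matters once the string can be influenced from outside.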