Vulnerability Development mailing list archives

About the format bugs thread...


From: teespy () BIGFOOT COM (TeeSPy)
Date: Sun, 9 Jul 2000 18:13:40 -1200


(English is not my native language, so PLEASE be patient ;)

First of all, this mail is only a thought that came to my head. I'm not
saying that I'm correct, since I'm almost sure I'm not, but there is the
point... I want to know why I am wrong.

Yesterday I was thinking about the format bugs thread, and...
Isn't the problem solved if I use a fixed version of the *printf family?
I mean, so many new vulnerabilities regarding this problem, when the REAL
fix is so easy. Why should we patch every new program, when it is enough to
patch the *printf functions?

Maybe the problem is some POSIX or ANSI C standard that doesn't allow changes
in the *printf family, or something like that...?

Can somebody clear my mind on this?

best regards

TeeSPy / CDLR Seguridad
http://www.cdlr.org/
----------------------------TeeSPy----------------------------

