Vulnerability Development mailing list archives

Re: format-string exploit under Wndows?


From: 11a () GMX NET (Bluefish)
Date: Tue, 18 Jul 2000 02:10:18 +0200


On the other hand there's no need for such exploits - make is executed with
the same privileges as the user who is invoking it, and only he could
exploit it. Why should he do it? What could he gain from this?

It obviously depends upon what the final application would be doing;
consider the fact that numerous applications receive data not only from
the user executing the application, but from other sources as well
(from environmental variables, servers, connecting clients, read files etc
etc)

sprintf(errmsg, _("%s: Interrupt/Exception caugh "), prg);
fprintf(stderr, errmsg);
Well, I think this time it is not about ANSI bombs but formatting
errors. %s %n etc. can be put in "prg" and I'm almost sure this can be
exploited.

Hey, actually reading an email carefully before answering is cheating ;)

Agree, that can possibly be exploited as well in order to crash the
application using that trick. Or to modify return address as
described by Thomas Dullien earlier (thanks for a nice post, TD)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
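A hardened counterpart of the two quoted lines, added here as an example (not code from the thread or from GNU make): the attacker-influenced prg only ever travels as a %s argument, never as the format itself, and a small helper flags strings that would be interpreted if misused as a format. All function names are assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper for reviews/tests: returns 1 if s contains a
 * conversion directive ('%' not followed by another '%'), i.e. text that
 * would be interpreted if it were ever passed as a printf-family format. */
int has_format_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }  /* "%%" is a literal '%' */
            return 1;
        }
    }
    return 0;
}

/* Safe build step: prg is consumed by "%s", so "%x%n" in prg stays data.
 * Returns the length written, or -1 if buf is too small (no silent
 * truncation, unlike the original unbounded sprintf). */
int build_interrupt_message(char *buf, size_t n, const char *prg) {
    int len = snprintf(buf, n, "%s: Interrupt/Exception caught", prg);
    if (len < 0 || (size_t)len >= n) return -1;
    return len;
}

/* Emit step: fputs (or fprintf(stderr, "%s", msg)) treats msg as data.
 * The quoted fprintf(stderr, errmsg) treated it as a format string. */
void report_interrupt(const char *prg) {
    char msg[256];
    if (build_interrupt_message(msg, sizeof msg, prg) < 0) {
        fputs("interrupt: message truncated\n", stderr);
        return;
    }
    fputs(msg, stderr);
    fputc('\n', stderr);
}
```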
