Vulnerability Development mailing list archives

Re: m4 and format strings

From: "Samy Kamkar [CommPort5]" <CommPort5 () LucidX com>
Date: Wed, 27 Jun 2001 00:52:40 -0700

[elguapo@linux elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x
m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file
or directory

can anyone think of a situation where this could cause root
to be exploitated... m4 is not suid to my understanding.

-KF


Since it's not suid by default, you can't gain root from it directly. 
If another program (that is suid) is using it, then you might be able to
depending on how it's used...also, that's assuming that format string
bug is actually exploitable.  It's only opening that file so I doubt you
can do any exploitation with it...

Also, testing on my machine (fbsd) I just get:
m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory

-- 
Samy Kamkar -- (877) 898-1424 -- CommPort5 () LucidX com
LucidX.com / pdump.org / LA.pm.org

Current thread:

m4 and format strings KF (Jun 26)
- Re: m4 and format strings Jarno Huuskonen (Jun 27)
- Re: m4 and format strings Samy Kamkar [CommPort5] (Jun 27)
  - Re: m4 and format strings Robert van der Meulen (Jun 27)
    - Re: m4 and format strings Samy Kamkar [CommPort5] (Jun 27)
    - Re: m4 and format strings KF (Jun 27)
  - Re: m4 and format strings Matt Zimmerman (Jun 27)