Subject: Re: format-string exploit under Windows?
From: Slawek (sgpTELSATGP.COM.PL)
Date: Thu Jul 13 2000 - 08:11:55 CDT


On Thursday, July 13, 2000 2:37 PM, Bluefish wrote:
>> sprintf(errmsg, _("%s: Interrupt/Exception caugh "), prg);
>> fprintf(stderr, errmsg);
>> The important thing for me is fprintf() without a proper format string.
>> So is it possible to exploit that vulnerability in fprintf() by putting
>> some evil code in 'prg'? Assuming it is less than 1024 because of buffer
>> overflow in sprintf() :)
> Under Unix, you don't want people to be able to write to a terminal
> unfiltered because it can be used to send commands like "rm -rf /" through
> ANSI features (or whatever terminal mode is in use)

Well, I think this time it is not about ANSI bombs but formatting errors. %s
%n etc. can be put in "prg" and I'm almost sure this can be exploited.

On the other hand there's no need for such exploits - make is executed with
the same privileges as the user who is invoking it, and only he could
exploit it. Why should he do it? What could he gain from this?

Bye,
Slawek
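The defect in the snippet quoted above is that the second call hands text derived from `prg` to fprintf() as the format argument, so any `%s`, `%x` or `%n` inside it is interpreted. The following is an added example, not code from this thread or from make's own sources: a small scanner that counts the conversion directives an untrusted string would trigger (the check a reviewer or fuzz harness can apply to message text), and the corrected form of the call, which passes the message as data under a literal `"%s"` format. The message text "Interrupt/Exception caught" is assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion directives a string would trigger if it were ever
 * used as a printf-family FORMAT argument. "%%" is a literal percent and
 * is not counted. If has_n is non-NULL, *has_n is set to 1 when a "%n"
 * (write-to-pointer) directive is present, else 0.
 * Returns -1 for a malformed string: a '%' with no conversion character. */
int count_conversions(const char *s, int *has_n)
{
    int count = 0;
    if (has_n)
        *has_n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')            /* "%%": escaped percent, not a directive */
            continue;
        /* skip flags, field width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;
        if (*p == '\0')
            return -1;            /* dangling '%' at end of string */
        if (*p == 'n' && has_n)
            *has_n = 1;
        count++;
    }
    return count;
}

/* Convenience wrapper: 1 if the string carries a %n directive, else 0. */
int has_percent_n(const char *s)
{
    int has_n;
    return count_conversions(s, &has_n) >= 0 && has_n;
}

/* Corrected form of the quoted snippet: the assembled message is passed as
 * DATA under a literal "%s" format, so directives inside prg are printed
 * verbatim instead of being interpreted. Returns how many directives prg
 * would have injected had errmsg been used as the format (0 when safe). */
int report_error(FILE *out, const char *prg)
{
    char errmsg[1024];
    snprintf(errmsg, sizeof errmsg, "%s: Interrupt/Exception caught", prg);
    fprintf(out, "%s\n", errmsg);
    return count_conversions(prg, NULL);
}
```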