lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: madsaxon at direcway.com (madsaxon) Subject: format strings vulns in /bin/login and /usr/bin/passwd >There is also a few other on other programs but i thought these 2 would be most important since passwd >is suid and login could be exploited remotly. I am not very experianced in format strings any >help/commets would be great. Would these be able to get exploited? >i'm not sure what utility you used to find those "vulns", but i think that >author should have his head examined, or perhaps you're just too ignorant >to know how to properly work it. there are *no* format string >vulnerabilities in the files you reported. the lack of a format specifier >does *not* implicate bad code. printf("you are dumb"); is perfectly legal .. Ugh. Let me translate this into adult for you. "No, I don't believe they are exploitable." m5x
Powered by blists - more mailing lists