| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040625164231.7437.qmail@www.securityfocus.com> Date: 25 Jun 2004 16:42:31 -0000 From: Khan Shirani <khan_shirani@...oo.com> To: bugtraq@...urityfocus.com Subject: format string vulnerability in Gnats Zone-h Security Advisory Date of discovery : 21 june 2004 Date of release : 24 june 2004 Bug found by Khan Shirani <shirani@...e-h.org> http://www.zone-h.org --------------------------------------- Software : GNU Gnats 4.00 Bugs : formats string bug(s) Risk : low/medium Platform : *nix --------------------------------------- Description: ============ GNU GNATS is a set of tools for tracking bugs reported by users to a central site. It allows problem report management and communication with users via various means. GNATS stores all the information about problem reports in its databases and provides tools for querying, editing, and maintenance of the databases. http://www.gnu.org/software/gnats/ Vulnerability: ============== A format string bug has been discovered in the Gnats package which could *possibly* be exploited to execute arbitrary commands. vulnerable code: ================ ---------------------- gnats-4.0\gnats\misc.c #ifdef HAVE_SYSLOG_H case SYSLOG: syslog (severity, buf); break; #endif ---------------------- Vendor Notice: ============== The Gnats team has been notified of the discoveries via <bug-gnats@....org> No patch is available at this time Copyright ========= Contents may not be altered without notification to original author permission is granted to reproduce this advisory on public databases. shirani@...e-h.org and all the zone-h team. http://www.zone-h.org
Powered by blists - more mailing lists