lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040625174254.33572.qmail@web52703.mail.yahoo.com>
From: khan_shirani at yahoo.com (Khan Shirani)
Subject: format string vulnerability in Gnats

Zone-h Security Advisory                                                                                       Date of discovery : 21 june 2004
Date of release : 24 june 2004                                                                                      http://www.zone-h.org

Bug found by Khan Shirani 
<shirani@...e-h.org> 

---------------------------------------
Software : GNU Gnats 4.00
Bugs : formats string bug(s)
Risk : low/medium
Platform : *nix
--------------------------------------- 

Description:
============ 
GNU GNATS is a set of tools for tracking bugs reported by users to a central site. 
It allows problem report management and communication with users via various means. 
GNATS stores all the information about problem reports 
in its databases and provides tools for querying, editing, and maintenance of the databases. 
http://www.gnu.org/software/gnats/ 

Vulnerability:
============== 
A format string bug has been discovered in the Gnats package which 
could *possibly* be exploited to execute arbitrary commands. 

vulnerable code:
================ 

----------------------
gnats-4.0\gnats\misc.c 
#ifdef HAVE_SYSLOG_H
case SYSLOG:
syslog (severity, buf);
break;
#endif
---------------------- 

Vendor Notice:
============== 
The Gnats team has been notified of the discoveries via <bug-gnats@....org>
No patch is available at this time 

Copyright
========= 
Contents may not be altered without notification to original author
permission is granted to reproduce this advisory on public databases. 

shirani@...e-h.org
and all the zone-h team.
http://www.zone-h.org


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040625/c2953759/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ