[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fwd: Re: m4 and format strings]
From: |
Gary V . Vaughan |
Subject: |
Re: [Fwd: Re: m4 and format strings] |
Date: |
Thu, 9 Aug 2001 10:32:18 +0100 |
On Wednesday 27 June 2001 12:43 pm, KF wrote:
> On Tue, Jun 26, KF wrote:
> >?I noticed on NT my m4 binary had format strings issues...
>
> [cut cut]
>
> >address@hidden elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x
> >?m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file
> >?or directory
> >?
> >?can anyone think of a situation where this could cause root
> >?to be exploitated... m4 is not suid to my understanding.
>
> The m4 format string issue did come up a few months ago (either on
> vuln-dev or bugtraq...). I think there was some discussion if it can be
> exploited.
I just applied the original patch from Andreas Schwab (which is identical to
yours!).
Cheers,
Gary.
--
())_. Gary V. Vaughan gary@(oranda.demon.co.uk|gnu.org)
( '/ Research Scientist http://www.oranda.demon.co.uk ,_())____
/ )= GNU Hacker http://www.gnu.org/software/libtool \' `&
`(_~)_ Tech' Author http://sources.redhat.com/autobook =`---d__/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Fwd: Re: m4 and format strings],
Gary V . Vaughan <=