RWhoisd remote format string vulnerability

From: root (root@cow.net)
Date: 10/25/01


Date: Thu, 25 Oct 2001 19:25:51 +0200 (IST)
From: root <root@cow.net>
To: freebsd-security@freebsd.org


Hello,

There is a serious bug in RWhoisd by NSI on all versions.

It is possible for a user to supply the format string
passed to print_error() simply by using the "-soa" directive.
The results are obvious: we can write almost anywhere in the
proc's memory, thus executing code as the user running rwhoisd
(usually rwhoisd, but can easily become root if rwhoisd.conf is writeable).
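
The class of bug reported above, shown beside its fix as an added C example that is not part of the original post and is not rwhoisd code. The function names report_error(), reply_unsafe(), reply_safe() and count_directives() are hypothetical, and the "-soa" argument text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reporter standing in for print_error(); the real
 * rwhoisd signature is not shown in the post. Declaring such a function with
 * __attribute__((format(printf, 3, 4))) lets -Wformat -Wformat-security flag
 * call sites like reply_unsafe() at compile time. */
int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE: client text is the format string, so '%' directives are interpreted. */
int reply_unsafe(char *out, size_t outlen, const char *client_text)
{
    return report_error(out, outlen, client_text);
}

/* AFTER: constant format; client text is only ever data. */
int reply_safe(char *out, size_t outlen, const char *client_text)
{
    return report_error(out, outlen, "%s", client_text);
}

/* Count conversion directives in untrusted text ("%%" is a literal percent).
 * A non-zero count in a query argument is worth logging. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    char out[64];
    const char *arg = "zone-%x-%x";  /* constructed -soa argument text */
    reply_safe(out, sizeof out, arg);
    printf("%s directives=%d\n", out, count_directives(arg));
    return 0;
}
```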


