[Full-disclosure] formatfun
- From: kcope <kingcope@xxxxxxx>
- Date: Fri, 24 Mar 2006 17:51:04 +0100
Hello,
mod_ssl:
/httpd-2.0.48/modules/ssl/ssl_engine_kernel.c (also in 2.0.55)
proto: ap_log_error(constchar*file,intline,intlevel,apr_status_tstatus,constserver_rec*s,constchar*fmt,...)
code: ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, buff);
is this exploitable?
sendmail 8.13.5:
sendmail-8.13.5/sendmail/main.c
proto: sm_setproctitle(boolstatus,ENVELOPE*e,constchar*fmt,...) code: sm_setproctitle(true, CurEnv, qtype);
_NOT_ exploitable because sendmail DROPS PRIVILEGES! mailqueue anyone?
openssh-4.0p1:
file: openssh-4.0p1/openssh-4.0p1/auth1.c
proto: packet_disconnect(constchar*fmt,...) code: packet_disconnect(msg);
i guess thats not exploitable since msg is not user supplied.
any pointers from the list?
- - kcope
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] formatfun
- From: Marcus Meissner
- Re: [Full-disclosure] formatfun
- Prev by Date: RE: [Full-disclosure] Secure HTTP
- Next by Date: Re: [Full-disclosure] help about tool to control x window client (xterm) script-like way
- Previous by thread: [Full-disclosure] [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro
- Next by thread: Re: [Full-disclosure] formatfun
- Index(es):
