Hello, there is a serious bug in RWhoisd by NSI on all versions. it is possible for a user to supply the format string passed to print_error() simpley by using the "-soa" directive. the results are obvious, we can write almost anywhere in the proc's memory thus executing code as the user running rwhoisd. (usually rwhoisd , but can easily become root if rwhoisd.conf writeable)
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 10:37:13 PDT