RWhoisd remote format string vulnerability

From: root (rootat_private)
Date: Thu Oct 25 2001 - 10:23:53 PDT

Next message: Bob Niederman: "Re: Hidden requests to Apache"

Previous message: Jurjen Oskam: "Re: Hidden requests to Apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

there is a serious bug in RWhoisd by NSI on all versions. 

it is possible for a user to supply the format string 
passed to print_error() simpley by using the "-soa" directive.
the results are obvious, we can write almost anywhere in the 
proc's memory thus executing code as the user running rwhoisd.
(usually rwhoisd , but can easily become root if rwhoisd.conf writeable)

TEXT/PLAIN attachment: gen.c

Next message: Bob Niederman: "Re: Hidden requests to Apache"
Previous message: Jurjen Oskam: "Re: Hidden requests to Apache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 10:37:13 PDT