RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B)

From: Stefan Esser (s.esser@e-matters.de)
Date: Mon Dec 16 2002 - 12:39:32 PST


    Hello,
    
    > Due to the way requests are logged the only way to exploit this
    > vulnerability is through setting the DNS name of the fingering host to the
    > attacker supplied format string.
    
    I really wonder how you want to exploit this... Last time I checked
    all tested resolvers (Linux/BSD/Solaris) did not allow % within domain
    names and so your format string vulnerability is not exploitable at all...
    
    Stefan Esser
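
The point above, that a name containing % is rejected before it can reach the logging call, can be paired with the usual fix of a constant format string. The following C code is an added example, not part of the original message and not PFinger's code; `hostname_ok` and `format_log_line` are hypothetical names, the RFC 952/1123 character rule is an assumption about what a strict check looks like, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if name is letters/digits/hyphens in dot-separated
   labels (RFC 952/1123 syntax), 0 otherwise. '%' is therefore rejected. */
int hostname_ok(const char *name)
{
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;               /* empty label or trailing hyphen */
            label = 0;
        } else if (alnum || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;               /* label too long */
        } else {
            return 0;                   /* '%', spaces, control bytes, ... */
        }
    }
    return name[len - 1] != '-';
}

/* Hypothetical logging helper: the peer name is only ever an argument to a
   constant format string, and an invalid name is replaced by the address. */
int format_log_line(char *out, size_t outsz,
                    const char *peer_name, const char *peer_ip)
{
    const char *shown = hostname_ok(peer_name) ? peer_name : peer_ip;
    return snprintf(out, outsz, "finger request from %s", shown);
}

int main(void)
{
    char line[300];
    /* Constructed sample inputs (documentation address range). */
    format_log_line(line, sizeof line, "host.example.org", "192.0.2.7");
    puts(line);
    format_log_line(line, sizeof line, "%x%x.example.org", "192.0.2.7");
    puts(line);
    return 0;
}
```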
    


