('binary' encoding is not supported, stored as-is) Netric Security Team - http://www.netric.org by eSDee Posadis m5pre2 Type: Stackoverflow Priority: 2 [01] Description [02] Proof of concept [03] Vendor response [01] Description Posadis is a DNS server for Unix and Windows, available at http://posadis.sourceforge.net. The m5pre2 was a security release for the formatstring bug in the log_print function, discovered by kkr (http://online.securityfocus.com/bid/4378). The formatstring bug is fixed in m5pre2. However, there exists an unchecked buffer in the same log_print function of m5pre2 and prior, that can be exploited too. (remote ?) [02] Proof of concept A proof of concept exploit can be found at: www.netric.org/advisories/pos_expl2.c An example exploit for the formatstring bug in m5pre1: www.netric.org/advisories/pos_expl.c [03] Vendor response The vendor is informed, but has not responded yet.
This archive was generated by hypermail 2b30 : Wed Apr 17 2002 - 10:49:20 PDT