> Hello while doing a scan for format strings vulns on util-linux package
> it came back with the following results.
>
> ./login.c:398 FUNC fprintf
> ./login.c:425 FUNC fprintf
> ./login.c:597 FUNC fprintf
> ./login.c:614 FUNC fprintf
> ./login.c:775 FUNC printf
> ./login.c:796 FUNC fprintf
> ./login.c:800 FUNC fprintf
> ./login.c:1109 FUNC syslog
...

This doesn't mean that these are vulnerable function calls.
For example

    fprintf(stderr, "Sorry, your password is invalid");
or
    syslog(LOG_NOTICE, "User %s is a moron", username);

are completely legitimate ways to call these functions and
don't have any vulnerability in them that anyone knows about
currently. The presence of a function that *could* be used
poorly doesn't mean it *is* used poorly.

Sounds like you're just grepping for potential abuses. Now you
need to go and look at how the functions are actually called.
For example

    syslog(LOG_NOTICE, some_char_array_using_user_input);

is definitely a bad way to write it. Whether the call is actually
exploitable is a different question. But regardless it should
be fixed.

--
Brian Hatch                  Linux. The OS for
   Systems and                those with an IQ
   Security Engineer          greater than 98.
http://www.ifokr.org/bri/

Every message PGP signed
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 11:46:50 PST