[SECUNIA] Question regarding reported vulnerability in log

bug-gnats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECUNIA] Question regarding reported vulnerability in log_msg() in misc

From:	Carsten H. Eiram
Subject:	[SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c
Date:	Wed, 10 Nov 2004 11:34:33 +0100

Hi,

Some months ago, Khan Shirani reported a format string vulnerability in
the "log_msg()" function in "misc.c", which according to him possibly
could be exploited.

http://marc.theaimsgroup.com/?l=bugtraq&m=108820000823191&w=2

Today, Debian issued a patch for this issue and a security advisory
stating that the issue can be exploited for code execution.

http://www.debian.org/security/2004/dsa-590

We have reserved SA11069 for this issue and will be releasing it later
today.

However, to ensure that the information in our advisory is as correct as
possible, we would appreciate your thoughts on how this issue can be
exploited, by whom, and when you are planning to release a patch.

Thanks in advance.

-- 

Med venlig hilsen / Kind regards


Carsten H. Eiram
IT Security Specialist

Secunia 
Toldbodgade 37B
DK-1253 Copenhagen K
Denmark 

Phone  +45 7020 5144
Fax    +45 7020 5145

[Prev in Thread]

Current Thread

[Next in Thread]

[SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c, Carsten H. Eiram <=
- Re: [SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c, Chad Walstrom, 2004/11/10
  - Preparing 4.0.1: Patch release of 4.0, Chad Walstrom, 2004/11/10

Prev by Date: [address@hidden: Bug#280498: gnatsweb.pl: Wrong email addresses for PR 'responsible' persons]
Next by Date: Re: [SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c
Previous by thread: [address@hidden: Bug#280498: gnatsweb.pl: Wrong email addresses for PR 'responsible' persons]
Next by thread: Re: [SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c
Index(es):
- Date
- Thread