[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECUNIA] Question regarding reported vulnerability in log_msg() in misc
From: |
Carsten H. Eiram |
Subject: |
[SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c |
Date: |
Wed, 10 Nov 2004 11:34:33 +0100 |
Hi,
Some months ago, Khan Shirani reported a format string vulnerability in
the "log_msg()" function in "misc.c", which according to him possibly
could be exploited.
http://marc.theaimsgroup.com/?l=bugtraq&m=108820000823191&w=2
Today, Debian issued a patch for this issue and a security advisory
stating that the issue can be exploited for code execution.
http://www.debian.org/security/2004/dsa-590
We have reserved SA11069 for this issue and will be releasing it later
today.
However, to ensure that the information in our advisory is as correct as
possible, we would appreciate your thoughts on how this issue can be
exploited, by whom, and when you are planning to release a patch.
Thanks in advance.
--
Med venlig hilsen / Kind regards
Carsten H. Eiram
IT Security Specialist
Secunia
Toldbodgade 37B
DK-1253 Copenhagen K
Denmark
Phone +45 7020 5144
Fax +45 7020 5145
- [SECUNIA] Question regarding reported vulnerability in log_msg() in misc.c,
Carsten H. Eiram <=