[Fwd: Re: m4 and format strings]
From: KF
Subject: [Fwd: Re: m4 and format strings]
Date: Wed, 27 Jun 2001 07:43:51 -0400
-------- Original Message --------
Subject: Re: m4 and format strings
Date: Wed, 27 Jun 2001 10:24:54 +0300
From: Jarno Huuskonen <address@hidden>
To: address@hidden
References: <address@hidden>
On Tue, Jun 26, KF wrote:
> I noticed on NT my m4 binary had format strings issues...
[cut cut]
> address@hidden elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x
> m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file
> or directory
>
> can anyone think of a situation where this could cause root
> to be exploited... m4 is not suid to my understanding.
The m4 format string issue did come up a few months ago (either on
vuln-dev or bugtraq...). I think there was some discussion if it can be
exploited. Anyway, if somebody is interested, here's a patch:
--- m4-1.4/src/m4.c.orig Sat Feb 3 23:06:37 2001
+++ m4-1.4/src/m4.c Sat Feb 3 23:07:26 2001
@@ -369,7 +369,7 @@
case 'o':
if (!debug_set_output (optarg))
- error (0, errno, optarg);
+ error (0, errno, "%s", optarg);
break;
case 's':
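Review bot: In the case 'o' branch, the corrected call still depends on errno being meaningful when debug_set_output returns false, which the visible lines do not show. Confirm that the function fails only on a call that sets errno, or pass 0 as the second argument. The diagnostic also consists of nothing but the raw option argument, so a short fixed prefix in the literal format naming the debug output file would make it clearer while still keeping optarg out of the format position.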
@@ -466,7 +466,7 @@
fp = path_search (argv[optind]);
if (fp == NULL)
{
- error (0, errno, argv[optind]);
+ error (0, errno, "%s", argv[optind]);
continue;
}
else
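Review bot: The path_search failure branch now passes argv[optind] as data, but nothing in the patch keeps the same mistake from coming back. Add a regression test that runs m4 on a nonexistent file name containing conversions such as %x and checks that the name is echoed verbatim in the diagnostic, and build with GCC's -Wformat -Wformat-security so a non-literal format string with no arguments is flagged at compile time.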
-Jarno
--
Jarno Huuskonen <address@hidden>
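Added example, not part of the original message or of the m4 sources: the C program below shows why the argument from the report is a problem when used as a format (it asks for seven arguments that were never passed) and what the patched "%s" form prints instead. The helper names count_conversions and format_diag are hypothetical, and snprintf stands in for the error() call.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical audit helper: count the '%' introducers that a printf-style
   function would treat as the start of a conversion if `s` were the format.
   "%%" is a literal percent sign and is skipped. The specifier itself is
   not validated; this is a simple scan, not a full format parser. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* escaped percent, consumes nothing */
            s++;
            continue;
        }
        if (s[1] == '\0')           /* lone trailing '%' */
            break;
        n++;
    }
    return n;
}

/* Patched pattern: the file name is data for a constant format, mirroring
   error (0, errno, "%s", argv[optind]). Hypothetical stand-in for error(). */
static int format_diag(char *buf, size_t size, const char *prog,
                       const char *name, int errnum)
{
    return snprintf(buf, size, "%s: %s: %s", prog, name, strerror(errnum));
}

int main(void)
{
    /* Argument taken from the report quoted above. */
    const char *arg = "%x,%x,%x,%x,%x,%x,%x";
    char buf[256];

    /* Unpatched call: error (0, errno, arg) would fetch this many values
       from the stack or registers although none were supplied. */
    printf("conversions if used as format: %d\n", count_conversions(arg));

    /* Patched call: the name is echoed literally. */
    format_diag(buf, sizeof buf, "m4", arg, ENOENT);
    puts(buf);
    return 0;
}
```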