A full-disclosure user reported an issue in sudo. Please verify:
http://seclists.org/fulldisclosure/2012/Jan/590
I hope the version information is correct in this bug report.

-D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417

This makes the current sid package (1.8.3p1-3) safe. Any attempt to exploit the vulnerability via format string (%n) results in:
*** %n in writable segment detected *** and a controlled abort.

Relevant fortify code can be found in glibc: http://pastebin.com/C6jLM8r8


Testing has 1.8.3p1-2 which *is* exploitable (assuming other security features such as ASLR can be bypassed).


Stable has 1.7.4p4-2.squeeze.2 which doesn't have the -D flag or the vulnerable code at all, and thus is safe:

sudo: invalid option -- 'D'


  Regards,
--
l=2001;main(i){float o,O,_,I,D;for(;O=I=l/571.-1.75,l;)for(putchar(--l%80?
i:10),o=D=l%80*.05-2,i=31;_=O*O,O=2*o*O+I,o=o*o-_+D,o+_+_<4+D&i++<87;);puts
("  Harry 'Piru' Sintonen <sinto...@iki.fi> http://www.iki.fi/sintonen");}
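
The fortify behaviour described in the message above, as an added example that is not part of the original message and is not glibc's or sudo's code: a format string containing %n is accepted only when it sits in non-writable memory, which on Linux can be decided from /proc/self/maps. The function names are hypothetical and the sample format strings are constructed.

```c
/* Added example (not glibc code): approximates the fortify %n policy on Linux. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if [p, p+len) is mapped and non-writable, 0 if any part is writable or
 * unmapped, -1 if /proc/self/maps cannot be opened. */
int fmt_in_readonly_memory(const void *p, size_t len)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (maps == NULL)
        return -1;
    uintptr_t cur = (uintptr_t)p, end = cur + len, lo, hi;
    char line[512], perms[5];
    int bad = 0;
    while (cur < end && fgets(line, sizeof line, maps) != NULL) {
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %4s", &lo, &hi, perms) != 3
            || hi <= cur)
            continue;                 /* unparsable line or mapping below range */
        if (lo > cur || perms[1] == 'w') {
            bad = 1;                  /* gap in the mappings or writable pages */
            break;
        }
        cur = hi;                     /* covered up to here, check next mapping */
    }
    fclose(maps);
    return (!bad && cur >= end) ? 1 : 0;
}

/* 1 if fmt contains a %n conversion; "%%" is a literal percent sign. */
int has_percent_n(const char *fmt)
{
    for (const char *s = fmt; *s; s++) {
        if (*s != '%' || *++s == '%')
            continue;
        s += strspn(s, "0123456789$*.#-+ 'hlLjztq"); /* flags, width, length */
        if (*s == 'n')
            return 1;
        if (*s == '\0')
            break;
    }
    return 0;
}

/* Policy modelled on the abort message: 1 = accept, 0 = reject. */
int format_allowed(const char *fmt)
{
    return !has_percent_n(fmt) || fmt_in_readonly_memory(fmt, strlen(fmt) + 1) == 1;
}
```

A string literal normally lives in a read-only mapping and is accepted, while the same bytes copied into a stack or heap buffer are rejected, which is the case the fortified build turns into a controlled abort.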


