On Thu, 2 Feb 2012, Jakub Wilk wrote:

> * Harry Sintonen <[email protected]>, 2012-01-31, 01:42:
>> -D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417
>>
>> This makes current sid package (1.8.3p1-3) safe.
>
> Maybe. Maybe not. There are known ways of exploiting string format vulnerabilities even with -D_FORTIFY_SOURCE=2.

If you're referring to the glibc args_type[specs[cnt].width_arg] = PA_INT; 32-bit 0-write to reset the FORTIFY flag, sure it is possible, but rather painful with ASLR. It is true however that if you get to exploit this thing you run it locally, making it quite fast to bruteforce (albeit with some noise in the logs).

Of course I wasn't suggesting that you should skip updating to the fixed version or anything.

But agreed, "safe" was perhaps too strong a statement. "Relatively safe" would have been more suitable.


  Regards,
--
l=2001;main(i){float o,O,_,I,D;for(;O=I=l/571.-1.75,l;)for(putchar(--l%80?
i:10),o=D=l%80*.05-2,i=31;_=O*O,O=2*o*O+I,o=o*o-_+D,o+_+_<4+D&i++<87;);puts
("  Harry 'Piru' Sintonen <[email protected]> http://www.iki.fi/sintonen");}
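The point argued in the exchange above is that -D_FORTIFY_SOURCE=2 narrows, but does not close, the format-string bug class. The following is an added example (mine, not code from the mail, from sudo, or from glibc) putting the vulnerable logging pattern next to its hardened form, together with a small model of the two checks a fortified printf applies to an untrusted format: it refuses %n, and once a positional %N$ or *N$ appears it refuses any unused argument slot below the highest one referenced. What it does not refuse is a plain run of %x or %s, which is why the read side (stack leaks) survives fortification. The names log_vulnerable, log_safe, fortify_model, reproduces and the MAX_ARGS bound are my own; the glibc rules are summarised from memory rather than copied from its parser, and the model assumes every conversion consumes one argument.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Logging helper with the bug under discussion: the caller-supplied text
   becomes the format string itself (constructed example, not sudo's code). */
int log_vulnerable(char *out, size_t outlen, const char *text)
{
    /* "%x%x" makes snprintf read arguments that were never passed (a leak
       FORTIFY does not stop); "%n" would write memory. Deliberately UB. */
    return snprintf(out, outlen, text);
}

/* Hardened form: untrusted text is only ever an argument, never the format. */
int log_safe(char *out, size_t outlen, const char *text)
{
    return snprintf(out, outlen, "%s", text);
}

/* 1 if running text through the given logger reproduces it unchanged. */
int reproduces(int (*logger)(char *, size_t, const char *), const char *text)
{
    char buf[64];
    logger(buf, sizeof buf, text);
    return strcmp(buf, text) == 0;
}

#define MAX_ARGS 64   /* assumed bound for the model; glibc itself has none */

static int mark_used(unsigned char *used, int *max_ref, int slot)
{
    if (slot < 0 || slot >= MAX_ARGS)
        return -3;                         /* beyond what this model tracks */
    used[slot] = 1;
    if (slot + 1 > *max_ref)
        *max_ref = slot + 1;
    return 0;
}

/* Parse decimal digits at *pp (0 if none) and advance *pp past them. */
static int parse_num(const char **pp)
{
    int n = 0;
    while (isdigit((unsigned char)**pp))
        n = n * 10 + (*(*pp)++ - '0');
    return n;
}

/* Simplified model of fortified vfprintf on a format it treats as writable:
   returns 0 (accepted), -1 (%n present), -2 (positional mode with an unused
   argument slot), -3 (N larger than MAX_ARGS; the store into args_type for
   the width/precision slot that the mail refers to happens at this point in
   glibc, the model only bounds it). Assumption: my summary of the rules. */
int fortify_model(const char *fmt)
{
    unsigned char used[MAX_ARGS] = {0};
    int posn = 0, max_ref = 0, positional = 0, rc;

    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')                   /* literal %% consumes nothing */
            continue;
        if (*p == '\0')
            break;
        int data_arg = -1;
        const char *q = p;
        int n = parse_num(&q);
        if (n > 0 && *q == '$') {          /* %N$ selects the data slot */
            data_arg = n - 1;
            positional = 1;
            p = q + 1;
        }
        while (*p && strchr("-+ #0'", *p)) /* flags */
            p++;
        for (int pass = 0; pass < 2; pass++) {   /* width, then precision */
            if (pass == 1) {
                if (*p != '.')
                    break;
                p++;
            }
            if (*p == '*') {               /* '*' takes width/precision from an argument */
                p++;
                q = p;
                n = parse_num(&q);
                if (n > 0 && *q == '$') {  /* *N$: explicit slot */
                    positional = 1;
                    p = q + 1;
                    rc = mark_used(used, &max_ref, n - 1);
                } else {                   /* plain '*': next sequential slot */
                    rc = mark_used(used, &max_ref, posn++);
                }
                if (rc != 0)
                    return rc;
            } else {
                parse_num(&p);             /* numeric width/precision */
            }
        }
        while (*p && strchr("hlLqjzt", *p)) /* length modifiers */
            p++;
        if (*p == '\0')
            break;
        if (*p == 'n')                     /* write conversion: fatal under FORTIFY */
            return -1;
        if (data_arg == -1)
            data_arg = posn++;
        if ((rc = mark_used(used, &max_ref, data_arg)) != 0)
            return rc;
    }
    if (!positional)                       /* sequential formats skip the slot check */
        return 0;
    for (int i = 0; i < max_ref; i++)      /* every slot up to the highest must be used */
        if (!used[i])
            return -2;
    return 0;
}

int main(void)
{
    const char *cases[] = { "%x%x%x", "%08x%n", "%3$x", "%1$x%2$x%3$x", "%*3$d", "%*999$d" };
    printf("safe reproduces %%x%%x: %d, vulnerable: %d\n",
           reproduces(log_safe, "%x%x"), reproduces(log_vulnerable, "%x%x"));
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-14s -> %d\n", cases[i], fortify_model(cases[i]));
    return 0;
}
```

Build it with and without `-O2 -D_FORTIFY_SOURCE=2` to compare: fortified builds route the non-literal snprintf through the checked entry point, so "%3$x" and anything containing %n abort at run time, while "%x%x%x" is accepted in both builds and reads whatever happens to sit in the argument registers and stack.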


