* Sven Mueller: > http://www.dyadsecurity.com/webmin-0001.html > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341394 > > If this is considered a possible remote root compromise, the spampd bug > I reported a while ago to [EMAIL PROTECTED] (see also bug > #332259) is also a possible remote compromise (though not root > compromise as spampd runs as non-root). The current spampd package in > stable also uses the same syslog() function as webmin does, with a user > supplied value in the format string.
Steven M. Christey has posted an interesting summary: <http://lists.immunitysec.com/pipermail/dailydave/2005-November/002694.html> If code injection is possible, this has to be fixed in Perl's (s)printf implementation, I suppose. The DoS issues Steven described (and which are different from the postgrey daemon crash) cannot be be fixed at the sprintf level, though -- the interface practically requires that arbitrary amounts of memory can be allocated. Yuck. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
