I've checked the x-gw code, and each time pmsg as used, the buf argument is either a constant string or results from an sprintf(). so, for me, this is a false alarm... cheers, mouss At 14:49 16/11/00 -0800, [EMAIL PROTECTED] wrote: >A note has been sent to NAI support trying to validate the validity of the >vulnerability alert. I also have requested several time for >EsecurityOnline to verify this, since I could not replicate their >vulnerability alert. > >At 07:04 AM 11/17/00 +0900, Harry Behrens wrote: >>You guys call grep'ing for unformated xprintf() security research? Gimme a >>break! - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
