At 05:41 PM 26-01-2003 -0600, you wrote:
>There is also a few other on other programs but i thought these 2 would
be most important since passwd >is suid and login could be exploited
remotly. I am not very experianced in format strings any >help/commets
would be great. Would these be able to get exploited?
i'm not sure what utility you used to find those "vulns", but i think
that author should have his head examined, or perhaps you're just too
ignorant to know how to properly work it. there are *no* format string
vulnerabilities in the files you reported. the lack of a format specifier
does *not* implicate bad code. printf("you are dumb"); is perfectly legal ..
Ugh. Let me translate this into adult for you.
UGH. they are not exploitable because *THEY ARE NOT BUGS*
"No, I don't believe they are exploitable."
m5x
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html