Re: [Flightgear-devel] Flightgear and Simgear multiple format string vulnerabilities

2012-03-22 Thread Andres Gomez
Hi, I agree with Olaf. Both the format strings and the buffer overflow in Rotor.cpp could allow user-assisted remote attackers to execute arbitrary code, if flightgear's users download material (aircraft, airports, etc.) from an untrusted web page or even an e-mail. Take a look at a vulnerability I found b

Re: [Flightgear-devel] Flightgear and Simgear multiple format string vulnerabilities

2012-03-20 Thread Olaf Flebbe
Hi Torsten, I am quite sure Flightgear has remotely exploitable bugs. Think about social attack vectors like custom sceneries, special interest aircraft models. And the multiplayer protocol, or the httpd server. Running malicious code in user context is bad enough... Olaf > > This is lo

Re: [Flightgear-devel] Flightgear and Simgear multiple format string vulnerabilities

2012-03-20 Thread Torsten Dreyer
Hi Andres, thanks for pointing these out. We have been chasing and replacing (s)(n)printfs in our code over the years, but not at a high priority. Every time I (and others) are working on a file and stumble upon a printf, we try to replace this with more robust code. This is low priority, because

Re: [Flightgear-devel] Flightgear and Simgear multiple format string vulnerabilities

2012-03-20 Thread Andres Gomez
Hi Curtis, Here I send details about the buffer overflows I commented on before: The first one is in flightgear/src/FDM/YASim/Rotor.cpp line 271 int Rotor::getValueforFGSet(int j,char *text,float *f) { . . . line 277 sprintf(tex

[Flightgear-devel] Flightgear and Simgear multiple format string vulnerabilities

2012-03-09 Thread Andres Gomez
Hi, I have found multiple format string vulnerabilities in Flightgear and Simgear. These could allow an attacker to execute arbitrary code on a Flightgear user's machine. This is possible because a user-controlled format string is passed directly to printf family functions without any validation. Fo