mailing list archives
Format strings: Summary and rant
From: Chris Evans <chris () SCARY BEASTS ORG>
Date: Tue, 26 Sep 2000 00:58:39 +0100
The previous messages describing various format string bugs were found in
a single evening.
Each bug was discovered by executing the following command across an
unpacked source tree:
find . -name \*.c | xargs grep syslog | less
No, it it not a comprehensive test for format string bugs (it misses
*printf* family, as well as stuff not in .c files, etc). The point is that
a trivial and almost automated effort found some serious bugs.
We have to assume that crackers have a little stockpile of non-public
format string exploits from simple greps like the above. This stockpile
needs to be eroded ASAP.
Personally, if I were in a team responsibile for a widely deployed piece
of internet server software, I would have been very very scared by the
initial format string discovery in wu-ftpd. I would have performed an
immediate check of my software for similar bugs. It would not have taken
long to perform this check.
Are you involved in the maintenance of any server software? If so, please
check your code for format strings bugs, or someone like me will "make you
famous" on bugtraq.
As a user of internet server software, feel free to ask the maintenance
team if they have auditied their software for this class of flaw.
- Format strings: Summary and rant Chris Evans (Sep 26)