Home page logo

bugtraq logo Bugtraq mailing list archives

Formatstring Vulnerability in decfingerd 0.7
From: isox <isox () chainsawbeer com>
Date: Tue, 25 Jun 2002 03:12:27 -0700

Hello all,

I have no idea if this is the most current version of this application, I found it while browsing packetstormsecurity earlier. For all I know it may not even be kept current anymore.

Anyhow... bad call to syslog() is the culprit. I'm to lazy to code an exploit for this at the moment but it should be fairly trivial to do if anyone is interested in the task:

Culprit code: decfingerd.c

int main(void):
        char input[20], message[100];

        fgets(input, sizeof(input), stdin);

sprintf(message, "Client %s requested info for %s\n", remoteIP, input);
        syslog(0, message, sizeof(message));

Have a good one,

- isox () chainsawbeer com
- http://0xc0ffee.com

  By Date           By Thread  

Current thread:
  • Formatstring Vulnerability in decfingerd 0.7 isox (Jun 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]