Re: [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution
From: "Phantasmal Phantasmagoria" <phantasmal () hush ai>
Date: Thu, 11 Nov 2004 20:56:00 -0800
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 09 Nov 2004 09:57:27 -0600 Martin Schulze wrote:
> Package : gnats
> Vulnerability : format string vulnerability
> Problem-Type : remote
> CVE ID : CAN-2004-0623
> BugTraq ID : 10609
> Debian Bug : 278577
> Khan Shirani discovered a format string vulnerability in gnats,
> GNU problem report management system. This problem may be
> to execute arbitrary code.
> For the stable distribution (woody) this problem has been fixed in
> For the unstable distribution (sid) this problem has been fixed in
> We recommend that you upgrade your gnats package.
There are exactly zero ways of exploiting this "moderately critical"
vulnerability. In fact, it's not a vulnerability at all. If
Shirani had done a two minute check of the relevant log_msg() calls
(i.e. those with a severity of LOG_ERR as opposed to LOG_INFO) he
would have found zero instances of user supplied data being used as
Before someone embarrasses themselves please take note that the
LOG_INFO severity log_msg() calls do not get passed to syslog(), as
debug_level can only be set to LOG_INFO by a call to
enable_debugging(), of which there are none.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
-----END PGP SIGNATURE-----
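
An added illustration, not part of the original message and not gnats source code: a C sketch of the severity gating described above, with function bodies that are assumptions built around the names the message uses (log_msg(), debug_level, enable_debugging()). It shows a LOG_INFO call being filtered until enable_debugging() runs, and the constant-format syslog() call that keeps forwarded text from being parsed as a format string; log_user_text() and last_forwarded_equals() are hypothetical helpers.

```c
/* Added sketch: NOT gnats source. Bodies are assumptions modelled on the
 * names used in the message (log_msg, debug_level, enable_debugging). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

static int debug_level = LOG_ERR;  /* default: LOG_ERR and more severe only */
static char last_line[256];        /* copy of the last forwarded line */

void enable_debugging(void) { debug_level = LOG_INFO; }

/* Returns 1 if the message was forwarded to syslog(), 0 if it was filtered. */
__attribute__((format(printf, 2, 3)))
int log_msg(int severity, const char *fmt, ...)
{
    va_list ap;

    /* syslog priorities: lower number is more severe (LOG_ERR 3, LOG_INFO 6),
     * so anything numerically above debug_level is dropped here. */
    if (severity > debug_level)
        return 0;

    /* Expand the caller's format exactly once, into a bounded buffer. */
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);

    /* Risky generic pattern: syslog(severity, last_line); the expanded text
     * would be interpreted as a format string a second time.
     * Hardened form: constant format, expanded text passed as data. */
    syslog(severity, "%s", last_line);
    return 1;
}

/* Hypothetical call-site helper: untrusted text is an argument, never the
 * format, so the result does not depend on how the gate is configured. */
int log_user_text(int severity, const char *untrusted)
{
    return log_msg(severity, "%s", untrusted);
}

/* Hypothetical inspection helper for the example. */
int last_forwarded_equals(const char *expected)
{
    return strcmp(last_line, expected) == 0;
}
```

Whether a given call site is reachable depends on both the gate and on what ends up in the format argument; the constant "%s" removes the second dependency.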