Vulnerability Development mailing list archives

Re: format-string exploit under Wndows?
From: 11a () GMX NET (Bluefish)
Date: Tue, 18 Jul 2000 02:10:18 +0200


On the other hand there's no need for such exploits - make is executed with
the same privileges as the user who invokes it, and only he could
exploit it. Why should he do it? What could he gain from this?

It obviously depends upon what the final application would be doing;
consider the fact that numerous applications receive data not only from
the user executing the application, but from other sources as well
(from environment variables, servers, connecting clients, read files etc
etc)

sprintf(errmsg, _("%s: Interrupt/Exception caught "), prg);
fprintf(stderr, errmsg);
Well, I think this time it is not about ANSI bombs but formatting
errors. %s %n etc. can be put in "prg" and I'm almost sure this can be
exploited.

Hey, actually reading an email carefully before answering is cheating ;)

Agree, that can possibly be exploited as well in order to crash the
application using that trick. Or to modify return address as
described by Thomas Dullien earlier (thanks for a nice post, TD)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
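The pattern quoted in this thread (build errmsg with the program name in it, then hand errmsg to fprintf as the format) is reproduced below as an added example. It is not code from the original mail nor from the program being discussed; scan_format, render_unsafe, render_safe and formats_differ are helpers written for this page, and the sample program names are constructed. To keep the demonstration well-defined, the unsafe path is only exercised with a name containing "%%", which fprintf interprets without consuming arguments; the scanner shows what any other directive in prg (including %n) would make the unsafe call attempt.

```c
/* Added example: the format-string bug pattern quoted in the thread,
 * beside the one-token fix. Helpers here are hypothetical. */
#include <stdio.h>
#include <string.h>

/* The message template from the quoted snippet, minus gettext. */
#define MSG_FMT "%s: Interrupt/Exception caught "

/* What a format string would ask printf() to do: every '%' that is not
 * '%%' is a conversion pulling an argument off the stack; '%n' writes. */
struct fmt_scan { int conversions; int writes; };

struct fmt_scan scan_format(const char *s) {
    struct fmt_scan r = {0, 0};
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }      /* literal percent sign */
        const char *q = p + 1;                    /* skip flags/width/length */
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q)) q++;
        if (*q == 'n') r.writes++;
        r.conversions++;
        if (*q) p = q; else break;                /* lone trailing '%' */
    }
    return r;
}

/* Vulnerable shape: errmsg (which now contains prg) becomes the format.
 * A compiler with -Wformat-security warns on the second snprintf; that
 * warning is the cheapest detector for this class of bug. */
int render_unsafe(const char *prg, char *out, size_t n) {
    char errmsg[128];
    snprintf(errmsg, sizeof errmsg, MSG_FMT, prg);
    return snprintf(out, n, errmsg);              /* data promoted to control */
}

/* Fixed shape: errmsg is passed as an argument to a literal "%s" format,
 * so directives inside it are printed, never interpreted. */
int render_safe(const char *prg, char *out, size_t n) {
    char errmsg[128];
    snprintf(errmsg, sizeof errmsg, MSG_FMT, prg);
    return snprintf(out, n, "%s", errmsg);
}

/* 1 if the two paths disagree on prg. Only call with a prg whose
 * directives are all "%%", which is the one case the unsafe path can
 * evaluate without undefined behaviour. */
int formats_differ(const char *prg) {
    char a[128], b[128];
    render_unsafe(prg, a, sizeof a);
    render_safe(prg, b, sizeof b);
    return strcmp(a, b) != 0;
}

int main(int argc, char **argv) {
    const char *prg = argc > 1 ? argv[1] : "%%";  /* constructed sample argv[0] */
    struct fmt_scan s = scan_format(prg);
    char buf[128];
    printf("conversions requested by prg: %d (of which writes: %d)\n",
           s.conversions, s.writes);
    if (s.conversions == 0) {
        render_unsafe(prg, buf, sizeof buf);
        printf("unsafe path: \"%s\"\n", buf);
    } else {
        printf("unsafe path skipped: fprintf(stderr, errmsg) would be undefined\n");
    }
    render_safe(prg, buf, sizeof buf);
    printf("safe path:   \"%s\"\n", buf);
    return 0;
}
```

Run with ./a.out '%%' and the unsafe path prints a single percent sign where the safe path prints two: the program name was interpreted, not printed. Run with './a.out %x%x%n' and the scanner reports three conversions, one of them a write, which is what the unsafe fprintf in the quoted snippet would attempt on a real process.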

