Re: format strings vulns in /bin/login and /usr/bin/passwd

[qobaiashi <qobaiashi () gmx net>]

On Sunday 26 January 2003 09:13, you wrote:
> Hello while doing a scan for format strings vulns on util-linux package it
> came back with the following results.

[...]

> There is also a few other on other programs but i thought these 2 would be
> most important since passwd is suid and login could be exploited remotly. I
> am not very experianced in format strings any help/commets would be great.


wow i can't belive it. you really did it? i mean _how_ did you find these 
bugs?

...back to your implied question: no i will not write an auto-exploit0r 
script that gives you woot_woot_root on all systems...



-q

> Would these be able to get exploited?
>
> Regards
>
> Faulty () b0f net
>
> www.b0f.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html