Fw: RWhoisd remote format string vulnerability

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Ottobre 2001 ml@sikurezza.org
Soggetto: Fw: RWhoisd remote format string vulnerability
Mittente: Francesco Toscan
Data: 25 Oct 2001 16:25:12 -0000

A titolo informativo, non avendo visto un post su bugtraq...

> ----- Original Message -----
> From: "root" <root@cow.net>
> To: <freebsd-security@freebsd.org>
> Sent: Thursday, October 25, 2001 7:25 PM
> Subject: RWhoisd remote format string vulnerability
>
>
> > Hello,
> >
> > there is a serious bug in RWhoisd by NSI on all versions.
> >
> > it is possible for a user to supply the format string
> > passed to print_error() simpley by using the "-soa" directive.
> > the results are obvious, we can write almost anywhere in the
> > proc's memory thus executing code as the user running rwhoisd.
> > (usually rwhoisd , but can easily become root if rwhoisd.conf writeable)
> >
> >
> >
>


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List

Data:
- precedente: R: Event viewer, Marco
- successivo: Info, pippo
- indice

Argomento:
- precedente: ntguardian, Di Dio, Adolfo
- successivo: Info, pippo
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005