List: bugtraq
Subject: Re: Vulnerability in the Xt library
From: Mike Neuman <mcn () remise ! ORG>
Date: 1996-08-28 17:21:37

> This pretty much depends on how doprnt works (also, the vs 3 compiler from
> Sun has different stack allocations, depending on the optimization).

You're right. My data point was from a Solaris 1.x system, which appears
to be invulnerable to this specific attack for the sprintf() format overflow
reason. (Hmmm, reason not to upgrade? :-) )

Actually, it seems the BSD _doprnt (including the 4.4BSD equivalent
vfprintf() ) will continue until they encounter a '\0' (or segfault), which
probably means they are somewhat less vulnerable.

Thanks for the clarification.

-Mike
mcn@EnGarde.com