Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
format string vulnerability in Gnats
Jun 25 2004 04:42PM
Khan Shirani (khan_shirani yahoo com)
Zone-h Security Advisory
Date of discovery : 21 june 2004
Date of release : 24 june 2004
Bug found by Khan Shirani
<shirani (at) zone-h (dot) org [email concealed]>
http://www.zone-h.org
---------------------------------------
Software : GNU Gnats 4.00
Bugs : formats string bug(s)
Risk : low/medium
Platform : *nix
---------------------------------------
Description:
============
GNU GNATS is a set of tools for tracking bugs reported by users to a central site.
It allows problem report management and communication with users via various means.
GNATS stores all the information about problem reports
in its databases and provides tools for querying, editing, and maintenance of the databases.
http://www.gnu.org/software/gnats/
Vulnerability:
==============
A format string bug has been discovered in the Gnats package which
could *possibly* be exploited to execute arbitrary commands.
vulnerable code:
================
----------------------
gnats-4.0\gnats\misc.c
#ifdef HAVE_SYSLOG_H
case SYSLOG:
syslog (severity, buf);
break;
#endif
----------------------
Vendor Notice:
==============
The Gnats team has been notified of the discoveries via <bug-gnats (at) gnu (dot) org [email concealed]>
No patch is available at this time
Copyright
=========
Contents may not be altered without notification to original author
permission is granted to reproduce this advisory on public databases.
shirani (at) zone-h (dot) org [email concealed]
and all the zone-h team.
http://www.zone-h.org
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Zone-h Security Advisory
Date of discovery : 21 june 2004
Date of release : 24 june 2004
Bug found by Khan Shirani
<shirani (at) zone-h (dot) org [email concealed]>
http://www.zone-h.org
---------------------------------------
Software : GNU Gnats 4.00
Bugs : formats string bug(s)
Risk : low/medium
Platform : *nix
---------------------------------------
Description:
============
GNU GNATS is a set of tools for tracking bugs reported by users to a central site.
It allows problem report management and communication with users via various means.
GNATS stores all the information about problem reports
in its databases and provides tools for querying, editing, and maintenance of the databases.
http://www.gnu.org/software/gnats/
Vulnerability:
==============
A format string bug has been discovered in the Gnats package which
could *possibly* be exploited to execute arbitrary commands.
vulnerable code:
================
----------------------
gnats-4.0\gnats\misc.c
#ifdef HAVE_SYSLOG_H
case SYSLOG:
syslog (severity, buf);
break;
#endif
----------------------
Vendor Notice:
==============
The Gnats team has been notified of the discoveries via <bug-gnats (at) gnu (dot) org [email concealed]>
No patch is available at this time
Copyright
=========
Contents may not be altered without notification to original author
permission is granted to reproduce this advisory on public databases.
shirani (at) zone-h (dot) org [email concealed]
and all the zone-h team.
http://www.zone-h.org
[ reply ]