PWC.CGI Syslog Format String Vulnerability

Solution:
Patch:

change
syslog(LOG_ERR, buffer);
to
syslog(LOG_ERR, "%s", buffer);



 

Privacy Statement
Copyright 2010, SecurityFocus