BugTraq
PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 16 2002 07:55PM
NGSSoftware Insight Security Research (nisr nextgenss com) (2 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 26 2002 10:07PM
Andreas Tscharner (starfire dplanet ch)
RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 16 2002 08:39PM
Stefan Esser (s esser e-matters de) (2 replies)

Hello,

> Due to the way requests are logged the only way to exploit this
> vulnerability is through setting the DNS name of the fingering host to the
> attacker supplied format string.

I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) did not allow % within domain
names and so your format string vulnerability is not exploitable at all...

Stefan Esser

[ reply ]
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 17 2002 04:56AM
Valdis Kletnieks vt edu (1 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 17 2002 06:37AM
Stefan Esser (s esser e-matters de) (2 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 18 2002 02:16PM
Andreas Borchert (bugtraq andreas-borchert de)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 17 2002 05:44PM
der Mouse (mouse Rodents Montreal QC CA)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 16 2002 09:49PM
der Mouse (mouse Rodents Montreal QC CA)


 

Privacy Statement
Copyright 2010, SecurityFocus