Please note that this has also been fixed in 0.1.5 which has been available now for well over a week (Thanks to KF's
work at Snosoft).
There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls through out the codebase. These have all
been changed over to the safer usage of snprintf(). Certainly there may still be more exploits in the codebase as the
codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be
productive to use the latest release for your hunting.
Furthermore, I believe there's a proceedure and protocol for disclosure of bugs/exploits, please, I would appeciate it
if in future that was used.
Regards.
--
Paul L Daniels http://www.pldaniels.com
Linux/Unix systems Internet Development
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
A.B.N. 19 500 721 806
work at Snosoft).
There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls through out the codebase. These have all
been changed over to the safer usage of snprintf(). Certainly there may still be more exploits in the codebase as the
codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be
productive to use the latest release for your hunting.
Furthermore, I believe there's a proceedure and protocol for disclosure of bugs/exploits, please, I would appeciate it
if in future that was used.
Regards.
--
Paul L Daniels http://www.pldaniels.com
Linux/Unix systems Internet Development
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
A.B.N. 19 500 721 806
[ reply ]