Libsafe Format String Unimplemented Specifier Exploitation Vulnerability

Libsafe is a freely available, open source software package distributed and maintained by Avaya Labs. It is designed to act as a prophylactic measure against buffer overflow and format string attacks on Linux systems.

Under some circumstances, checks performed by the libsafe suite may be bypassed. This is due to the lack of implementation of some format specifier types in Libsafe. C library format specifiers "%'n" and "%In" are not implemented in Libsafe, and can therefore allow exploitation of format string vulnerabilities in which these specifiers are not correctly used.


 

Privacy Statement
Copyright 2010, SecurityFocus