Bugtraq mailing list archives
Re: Format strings: bug #1: BSD-lpr
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Tue, 26 Sep 2000 00:02:48 -0700
On Tue, 26 Sep 2000, Chris Evans wrote:
OpenBSD ship BSD-lpr. Not only have they already fixed this in their CVS, but they also offer web indexed CVS. They caught it independently as part of their "format strings" audit. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/lpd/printjob.c?r1=1.19&r2=1.20
It seems FreeBSD fixed this one back in 1997: http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/lpr/lpd/printjob.c.diff?r1=1.17&r2=1.18 (I was worried for a second there when I didnt remember catching this one in our recent audit sweep ;-) Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe () alum mit edu>
Current thread:
- Format strings: bug #1: BSD-lpr Chris Evans (Sep 25)
- Re: Format strings: bug #1: BSD-lpr Kris Kennaway (Sep 27)
- Re: Format strings: bug #1: BSD-lpr Sean Winn (Sep 27)
- Re: Format strings: bug #1: BSD-lpr Sean Winn (Sep 27)
- Re: Format strings: bug #1: BSD-lpr Jouko Pynn?nen (Sep 27)
- Re: Format strings: bug #1: BSD-lpr Valdis Kletnieks (Sep 27)