oss-sec mailing list archives
RE: Flightgear remote format string
From: "Christey, Steven M." <coley () mitre org>
Date: Thu, 2 May 2013 15:48:36 +0000
Andrés,

Here is my interpretation of the problem. I believe there is some confusion because people don't usually think that a flight simulator could be accessible from a "remote" location. Is the following correct?

1) The Flightgear package includes a network server. This server can be run using fgfs.exe and specifying a port number using the "-telnet" argument, for example.
2) The format string problem is in the server.
3) Your exploit makes a connection to the server (on port 5501).
4) The exploit sends a number of format strings in the cloud names (using the "property tree"). For some reason, it sends the same command 5 times, and it sends this command for "layers" 1 through 5.
5) The exploit causes the server to crash.

- Steve

-----Original Message-----
From: Andrés Gómez Ramírez [mailto:andresgomezram7 () gmail com]
Sent: Thursday, May 02, 2013 11:13 AM
To: kseifried () redhat com
Cc: oss-security () lists openwall com
Subject: Re: [oss-security] Flightgear remote format string

> So it's not on by default? Is there any documentation specifically you can point me to regarding enabling/securing it?

Hi, the detailed info is in the reference:

http://kuronosec.blogspot.com/2013/04/flightgear-remote-format-string.html

if you need more info, please let me know.