oss-sec mailing list archives

RE: Flightgear remote format string


From: "Christey, Steven M." <coley () mitre org>
Date: Thu, 2 May 2013 15:48:36 +0000

Andrés,

Here is my interpretation of the problem.  I believe there is some confusion because people don't usually think that a flight simulator could be accessible from a "remote" location.

Is the following correct?

1) The Flightgear package includes a network server.  This server can be run using fgfs.exe and specifying a port number using the "-telnet" argument, for example.

2) The format string problem is in the server.

3) Your exploit makes a connection to the server (on port 5501).

4) The exploit sends a number of format strings in the cloud names (using the "property tree").  For some reason, it sends the same command 5 times, and it sends this command for "layers" 1 through 5.

5) The exploit causes the server to crash.

- Steve

-----Original Message-----
From: Andrés Gómez Ramírez [mailto:andresgomezram7 () gmail com]
Sent: Thursday, May 02, 2013 11:13 AM
To: kseifried () redhat com
Cc: oss-security () lists openwall com
Subject: Re: [oss-security] Flightgear remote format string


So it's not on by default? Is there any documentation specifically you
can point me to regarding enabling/securing it?


Hi,
the detailed info is in the reference:

http://kuronosec.blogspot.com/2013/04/flightgear-remote-format-string.html

if you need more info, please let me know.

