Vulnerability Development mailing list archives
Re: [Fwd: Re: m4 and format strings]
From: Gary V.Vaughan <gary () oranda demon co uk>
Date: Thu, 9 Aug 2001 10:32:18 +0100
On Wednesday 27 June 2001 12:43 pm, KF wrote:
On Tue, Jun 26, KF wrote:?I noticed on NT my m4 binary had format strings issues...[cut cut]?[elguapo@linux elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x ?m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file ?or directory ? ?can anyone think of a situation where this could cause root ?to be exploitated... m4 is not suid to my understanding.The m4 format string issue did come up a few months ago (either on vuln-dev or bugtraq...). I think there was some discussion if it can be exploited.
I just applied the original patch from Andreas Schwab (which is identical to yours!). Cheers, Gary. -- ())_. Gary V. Vaughan gary@(oranda.demon.co.uk|gnu.org) ( '/ Research Scientist http://www.oranda.demon.co.uk ,_())____ / )= GNU Hacker http://www.gnu.org/software/libtool \' `& `(_~)_ Tech' Author http://sources.redhat.com/autobook =`---d__/
Current thread:
- Re: [Fwd: Re: m4 and format strings] Gary V . Vaughan (Aug 10)