Vulnerability Development mailing list archives
Re: m4 and format strings
From: Jarno Huuskonen <Jarno.Huuskonen () uku fi>
Date: Wed, 27 Jun 2001 10:24:54 +0300
On Tue, Jun 26, KF wrote:
I noticed on NT my m4 binary had format strings issues...
[cut cut]
[elguapo@linux elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x
m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file or directory

Can anyone think of a situation where this could cause root to be exploited... m4 is not suid to my understanding.
The m4 format string issue did come up a few months ago (either on vuln-dev or bugtraq...). I think there was some discussion if it can be exploited. Anyway if somebody is interested here's a patch: --- m4-1.4/src/m4.c.orig Sat Feb 3 23:06:37 2001 +++ m4-1.4/src/m4.c Sat Feb 3 23:07:26 2001 @@ -369,7 +369,7 @@ case 'o': if (!debug_set_output (optarg)) - error (0, errno, optarg); + error (0, errno, "%s", optarg); break; case 's': @@ -466,7 +466,7 @@ fp = path_search (argv[optind]); if (fp == NULL) { - error (0, errno, argv[optind]); + error (0, errno, "%s", argv[optind]); continue; } else -Jarno -- Jarno Huuskonen <Jarno.Huuskonen () removeme uku fi>
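Review bot: in the `case 'o'` hunk, the corrected call prints only the option argument followed by the errno text, so the user is not told which operation failed. Now that the format is a literal it can carry that context, for example a short prefix naming the -o option ahead of the `%s`.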
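Review bot: the `"%s"` fix in the `fp == NULL` branch after `path_search (argv[optind])` is right, but together with the -o hunk it shows the same mistake at two call sites, and the patch covers only src/m4.c. Worth checking every other `error ()` call and any other printf-style call in the tree for a format argument that is not a string literal, and building with gcc's `-Wformat -Wformat-security` so that any remaining ones are flagged.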