Date: Fri, 8 Sep 2000 14:47:07 +0200 From: Gabor Zahemszky <ZGabor@CoDe.hu> To: freebsd-security@freebsd.org Cc: kris@freebsd.org Subject: Re: UNIX locale format string vulnerability (fwd) Message-ID: <20000908144707.F682@zg.CoDe.hu> In-Reply-To: <Pine.BSF.4.21.0009070223140.87691-100000@freefall.freebsd.org>; from kris@FreeBSD.ORG on Thu, Sep 07, 2000 at 02:53:51AM -0700 References: <Pine.BSF.4.21.0009071114230.354-100000@bagabeedaboo.security.at12.de> <Pine.BSF.4.21.0009070223140.87691-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 07, 2000 at 02:53:51AM -0700, Kris Kennaway wrote:
> HOWEVER: no program shipped in the FreeBSD base system is believed to be
> vulnerable to either of these problems.
>
> They both affect catopen(), and we don't use that function at all except
> in tcsh, which is non-privileged. We don't even have any code which has
Oops!
On my 3.4R system, there is a little utility, named: ee (and ree), and it
is using catopen(). I don't think it changed in 4.x, is it?
ZGabor at CoDe dot HU
--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000908144707.F682>