Re: format string bug in nm_info_handler



Hi,

>         syslog (syslog_priority, "%s", message);
I've committed this to CVS.
 
> I can't figure out whether this is exploitable.  That would depend on
> what kinds of messages an attacker could get passed g_log.
Unfortunately, access point essids are passed to the logging functions
in quite a few places.  So if a user tries to connect to an access
point with a bad essid, Network Manager may crash or worse.

--Ray Strode
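
The fix quoted above, shown as an added example that is not part of the original message and is not NetworkManager code: the finished log message carries the ESSID's bytes, so the handler has to pass it as data behind a constant "%s" format. `fake_syslog`, `build_message`, `directives_in` and `info_handler_fixed` are hypothetical names, `fake_syslog` stands in for syslog(3) so the result can be inspected, and the ESSID is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_log[256];   /* what the syslog stand-in "wrote" */

/* Stand-in for syslog(3) (assumption): formats into last_log. */
static void fake_syslog(int priority, const char *fmt, ...)
{
    va_list ap;
    (void)priority;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Caller side: the ESSID is an argument here, yet its bytes end up in msg. */
static const char *build_message(char *out, size_t n, const char *essid)
{
    snprintf(out, n, "connecting to access point '%s'", essid);
    return out;
}

/* Number of '%' directives the message would trigger if used as a format. */
static int directives_in(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        count++;
    }
    return count;
}

/* Fixed form: message is data. The bug class is passing it as the format. */
static const char *info_handler_fixed(int priority, const char *message)
{
    fake_syslog(priority, "%s", message);
    return last_log;
}

int main(void)
{
    char msg[128];
    build_message(msg, sizeof msg, "lobby%x%s");   /* constructed ESSID */
    printf("directives if used as format: %d\n", directives_in(msg));
    printf("logged verbatim: %s\n", info_handler_fixed(6, msg));
}
```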


