This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Hi, nscd calls syslog without format string in the logging function. You cannot use it for an exploit, but a normal user can crash nscd if it runs with logging enabled. Here is the fix: 2000-09-26 Thorsten Kukuk <kukuk@suse.de> * nscd/dbg_log.c(dbg_log): Add missing format string --- nscd/dbg_log.c 1998/10/18 15:02:56 1.3 +++ nscd/dbg_log.c 2000/09/26 08:01:25 @@ -61,7 +61,7 @@ else { snprintf (msg, sizeof (msg), "%d: %s", getpid (), msg2); - syslog (LOG_NOTICE, msg); + syslog (LOG_NOTICE, "%s", msg); } va_end (ap); } -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg Linux is like a Vorlon. It is incredibly powerful, gives terse, cryptic answers and has a lot of things going on in the background.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |