Attachment 21859 Details for Bug 57666

gnats-report.txt

gnats-report.txt (text/plain), 1.44 KB, created by Thomas Biege on 2004-07-01 20:18:30 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Thomas Biege

Created: 2004-07-01 20:18:30 UTC

Size: 1.44 KB

patch

obsolete

>Subject: format string vulnerability in Gnats
>
>
>
>Zone-h Security Advisory 
>Date of discovery : 21 june 2004
>Date of release : 24 june 2004
>Bug found by Khan Shirani
><shirani@zone-h.org>
>http://www.zone-h.org
>
>---------------------------------------
>Software : GNU Gnats 4.00
>Bugs : formats string bug(s)
>Risk : low/medium
>Platform : *nix
>---------------------------------------
>
>
>Description:
>============
>
>GNU GNATS is a set of tools for tracking bugs reported by users to a central site. 
>It allows problem report management and communication with users via various means. 
>GNATS stores all the information about problem reports 
>in its databases and provides tools for querying, editing, and maintenance of the databases. 
>http://www.gnu.org/software/gnats/
>
>
>Vulnerability:
>==============
>
>A format string bug has been discovered in the Gnats package which 
>could *possibly* be exploited to execute arbitrary commands.
>
>
>vulnerable code:
>================
>
>
>----------------------
>gnats-4.0\gnats\misc.c
>
>#ifdef HAVE_SYSLOG_H
>case SYSLOG:
>syslog (severity, buf);
>break;
>#endif
>----------------------
>
>
>Vendor Notice:
>==============
>
>The Gnats team has been notified of the discoveries via <bug-gnats@gnu.org>
>No patch is available at this time
>
>
>Copyright
>=========
>
>Contents may not be altered without notification to original author
>permission is granted to reproduce this advisory on public databases.
>
>
>shirani@zone-h.org
>and all the zone-h team.
>http://www.zone-h.org
>

Actions: View

Attachments on bug 57666: 21859 | 22210