
Re: format strings vulns in /bin/login and /usr/bin/passwd: msg#00057

security.vulnerabilities

Subject: Re: format strings vulns in /bin/login and /usr/bin/passwd



> Hello while doing a scan for format strings vulns on util-linux package
> it came back with the following results.
>
> ./login.c:398 FUNC fprintf
> ./login.c:425 FUNC fprintf
> ./login.c:597 FUNC fprintf
> ./login.c:614 FUNC fprintf
> ./login.c:775 FUNC printf
> ./login.c:796 FUNC fprintf
> ./login.c:800 FUNC fprintf
> ./login.c:1109 FUNC syslog
...

This doesn't mean that these are vulnerable function calls. For
example

    fprintf(stderr, "Sorry, your password is invalid");
or
    syslog(LOG_NOTICE, "User %s is a moron", username);

are completely legitimate ways to call these functions and don't
have any vulnerability in them that anyone knows about currently.
The presence of a function that *could* be used poorly doesn't
mean it *is* used poorly. Sounds like you're just grepping for
potential abuses. Now you need to go and look at how the functions
are actually called. For example

    syslog(LOG_NOTICE, some_char_array_using_user_input);

is definitely a bad way to write it. Whether the call is actually
exploitable is a different question. But regardless it should be fixed.



--
Brian Hatch                  Linux. The OS for
   Systems and               those with an IQ
   Security Engineer         greater than 98.
http://www.ifokr.org/bri/

Every message PGP signed

Attachment: pgpwU8sBogVf9.pgp
Description: PGP signature
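
Added example (not part of the original message or of util-linux): a small C triage helper for scanner hits like the ones quoted above. It reports whether the format argument of a printf, fprintf or syslog call is a string literal; the name needs_review and the sample lines are assumptions, constructed from the calls shown in the message.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Zero-based index of the format argument for each function in the scan output. */
static int fmt_index(const char *func) {
    if (strcmp(func, "printf") == 0) return 0;
    if (strcmp(func, "fprintf") == 0 || strcmp(func, "syslog") == 0) return 1;
    return -1;
}

/* Hypothetical helper: returns 0 if the format argument is a string literal,
 * 1 if it is anything else (needs manual review), -1 if the call cannot be parsed. */
int needs_review(const char *func, const char *line) {
    int want = fmt_index(func), depth = 0, arg = 0, in_str = 0;
    const char *p = strstr(line, func);
    if (want < 0 || p == NULL) return -1;
    p = strchr(p + strlen(func), '(');
    if (p == NULL) return -1;
    for (p++; *p; p++) {
        if (in_str) {                        /* skip string contents and escapes */
            if (*p == '\\' && p[1]) p++;
            else if (*p == '"') in_str = 0;
            continue;
        }
        if (arg == want && depth == 0) {     /* reached the format argument */
            while (isspace((unsigned char)*p)) p++;
            return *p == '"' ? 0 : (*p ? 1 : -1);
        }
        if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') { if (depth-- == 0) return -1; }
        else if (*p == ',' && depth == 0) arg++;
    }
    return -1;
}

int main(void) {
    /* Constructed call sites modelled on the three calls quoted in the message. */
    const char *f[] = { "fprintf", "syslog", "syslog" };
    const char *l[] = {
        "fprintf(stderr, \"Sorry, your password is invalid\");",
        "syslog(LOG_NOTICE, \"User %s is a moron\", username);",
        "syslog(LOG_NOTICE, some_char_array_using_user_input);" };
    for (int i = 0; i < 3; i++)
        printf("%-8s %s\n", needs_review(f[i], l[i]) ? "REVIEW" : "ok", l[i]);
    return 0;
}
```

A format passed through a macro or wrapper function is reported for manual review rather than cleared. The usual fix for a flagged call is to pass "%s" as the format and the data as a separate argument.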
