texinfo vulnerability still working in 4.11
From: Cody Rester
Subject: texinfo vulnerability still working in 4.11
Date: Fri, 16 Nov 2007 08:59:48 -0600

I got around to installing texinfo 4.11 from source this morning, and
the codebase is still vulnerable to a local format string attack.
While texinfo isn't setuid root, and it's still a local (not remote)
attack, this needs to be patched ASAP. Every Linux distro that
contains GNU texinfo <= 4.11 has this bug, and if anything were to
ever change, it would be a nice vector for attacking someone's system.

To try out the vulnerability on your system, just type in:

info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."

The data you get back is data off the processor stack, which is NOT
supposed to happen. It's passing a C format string to the program
which is executing it. Hope this gets fixed soon.

Sincerely,
Cody Rester
address@hidden
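
The defect class described in the message above, as an added example that is not part of the original post and is not texinfo's code: a hypothetical message helper that passes an untrusted name as the format string, beside the constant-format version. The names report_unsafe, report_safe and count_directives and the sample file name are assumptions; the sample input contains only `%%`, which consumes no arguments.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, NOT texinfo's code: formats a message the unsafe
   way, using the untrusted name as the format string itself. */
size_t report_unsafe(char *out, size_t n, const char *name)
{
    /* Defect: any '%' directive in `name` is interpreted by snprintf.
       gcc and clang flag this call with -Wformat -Wformat-security. */
    int len = snprintf(out, n, name);
    return len < 0 ? 0 : (size_t)len;
}

/* Hardened form: constant format, untrusted name passed as data. */
size_t report_safe(char *out, size_t n, const char *name)
{
    int len = snprintf(out, n, "%s", name);
    return len < 0 ? 0 : (size_t)len;
}

/* Counts '%' introducers that are not the "%%" escape, so a test or a
   log filter can flag names that would act as format directives. */
size_t count_directives(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }  /* escaped percent */
        if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *name = "report-100%%.info";  /* constructed sample input */

    report_unsafe(a, sizeof a, name);   /* "%%" collapses to "%" */
    report_safe(b, sizeof b, name);     /* bytes copied unchanged */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    printf("directives in the posted string: %zu\n",
           count_directives("%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (or `-Werror=format-security`) makes the compiler report the call in report_unsafe.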