[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

texinfo vulnerability still working in 4.11

From: Cody Rester
Subject: texinfo vulnerability still working in 4.11
Date: Fri, 16 Nov 2007 08:59:48 -0600

I got around to installing texinfo 4.11 from source this morning, and
the codebase is still vulnerable to a local format string attack.
While texinfo isn't setuid root, and it's still a local (not remote)
attack, this needs to be patched ASAP. Every linux distro that
contains GNU texinfo <= 4.11 has this bug, and if anything were to
ever change, it would be a nice vector for attacking someone's system.
To try out the vulnerability on your system, just type in:

info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."

The data you get back is data off the processor stack, which is NOT
supposed to happen. It's passing a C format string to the program
which is executing it. Hope this gets fixed soon.

Cody Rester

reply via email to

[Prev in Thread] Current Thread [Next in Thread]