Potentially insecure format string handling in PAM support
Damien Miller
djm at mindrot.org
Sat Jul 8 10:14:34 EST 2000
On Fri, 7 Jul 2000, Aaron Hopkins wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> With the recent remote root Wu-ftpd exploit based upon incorrect
> format string handling (processing user-supplied data as format
> strings), I've taken to scanning any code with elevated permissions
> for similar problems.
>
> I found one in the portable version of OpenSSH. Its only outputting
> messages passed back by PAM, I think, so I don't think its
> exploitable. But the format string processing isn't needed here, so
> it should be painless to remove.
Thanks - applied.
--d
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
More information about the openssh-unix-dev
mailing list