[15681] in bugtraq
ANNOUNCE: PScan, a simple security scanner.
daemon@ATHENA.MIT.EDU (Alan DeKok)
Fri Jul 7 16:08:18 2000
Message-Id: <200007071847.OAA29393@cpu1751.adsl.bellglobal.com>
Date: Fri, 7 Jul 2000 14:47:13 -0400
Reply-To: Alan DeKok <aland@STRIKER.OTTAWA.ON.CA>
From: Alan DeKok <aland@STRIKER.OTTAWA.ON.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
[ This should probably wait until Monday to be released ... ]
I've written a simple GPL'd security scanner for the classic
problems of printf-style functions, where a variable contains
formatting characters. e.g.:
variable = "%s"; /* or malicious user input */
sprintf(buffer, variable); /* BAD! */
The preferred solution would be to call sprintf in the following
manner:
sprintf(buffer, "%s", variable); /* Probably OK */
That's really all it does. But it does allow for user supplied
per-application configuration files for problematic functions.
The URL is: http://www.striker.ottawa.on.ca/~aland/pscan/
I've taken the liberty of scanning the latest wu-ftpd source, and
posting the results on the web page. I've checked the result, and
didn't see any obviously exploitable holes, but the wu-ftpd people may
want to double-check that themselves.
I took some care to minimize the number of false positives that the
program produces, and to make the output and documentation clear.
That should help to make it a useful program, which can be one more
step in securing your programs.
Alan DeKok.
