[28218] in bugtraq


RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B)

daemon@ATHENA.MIT.EDU (Stefan Esser)
Mon Dec 16 16:16:20 2002

Date: Mon, 16 Dec 2002 21:39:32 +0100
From: Stefan Esser <s.esser@e-matters.de>
To: bugtraq@securityfocus.com
Message-ID: <20021216203932.GA3893@php.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002001c2a53d$07a90260$2601010a@ngssoftware.com>


Hello,

> Due to the way requests are logged the only way to exploit this
> vulnerability is through setting the DNS name of the fingering host to the
> attacker supplied format string.

I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) did not allow % within domain
names and so your format string vulnerability is not exploitable at all...

Stefan Esser
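Added example, not from this thread or from PFinger's source: a hostname sanity check in the spirit of the resolver behaviour the reply describes (a '%' never passes), beside a log-line builder that passes the resolved name as an argument to "%s" rather than as the format. The hosts are constructed sample values.

```c
/* Added example, not PFinger's code. The hostname check is a hypothetical
 * stand-in for what the reply says resolvers enforce, not any libc's code. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Returns 1 if every label is only [A-Za-z0-9-], labels are separated by '.',
 * no label is empty or over 63 bytes, and the whole name is 1..253 bytes.
 * A '%' therefore never passes, so it cannot reach a log call. */
int hostname_ok(const char *h)
{
    size_t len = strlen(h);
    size_t label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (c == '.') {
            if (label == 0) return 0;      /* empty label, e.g. "a..b" */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > 63) return 0;
        } else {
            return 0;                      /* '%' and other junk land here */
        }
    }
    return label > 0;                      /* reject a trailing '.' */
}

/* Safe log line: the hostname is always an argument to "%s", never the
 * format string, so any '%' in it is copied literally. Returns what
 * snprintf returns (characters that would have been written). */
int format_log_line(char *out, size_t outlen, const char *host, const char *user)
{
    /* The vulnerable shape would be: snprintf(out, outlen, host); */
    return snprintf(out, outlen, "finger request from %s for user %s", host, user);
}

int main(void)
{
    char line[256];
    const char *hosts[] = { "client.example.net", "%x%x.example.net" }; /* constructed */
    for (int i = 0; i < 2; i++) {
        printf("%-20s hostname_ok=%d\n", hosts[i], hostname_ok(hosts[i]));
        format_log_line(line, sizeof line, hosts[i], "root");
        printf("  log: %s\n", line);
    }
    return 0;
}
```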
