On Thu, 2 Feb 2012, Jakub Wilk wrote:

> * Harry Sintonen <sinto...@iki.fi>, 2012-01-31, 01:42:
> > -D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417
> >
> > This makes current sid package (1.8.3p1-3) safe.
>
> Maybe. Maybe not. There are known ways of exploiting string format vulnerabilities even with -D_FORTIFY_SOURCE=2.

If you're referring to the glibc args_type[specs[cnt].width_arg] = PA_INT; 32-bit 0-write to reset the FORTIFY flag, sure it is possible, but rather painful with ASLR. It is true however that if you get to exploit this thing you run it locally, making it quite fast to brute-force (albeit with some noise in the logs).

Of course I wasn't suggesting that you should skip updating to the fixed version or anything.

But agreed, "safe" was perhaps a bit too strong a statement. "relatively safe" would have been more suitable.


  Regards,
--
l=2001;main(i){float o,O,_,I,D;for(;O=I=l/571.-1.75,l;)for(putchar(--l%80?
i:10),o=D=l%80*.05-2,i=31;_=O*O,O=2*o*O+I,o=o*o-_+D,o+_+_<4+D&i++<87;);puts
("  Harry 'Piru' Sintonen <sinto...@iki.fi> http://www.iki.fi/sintonen");}
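The construct behind the glibc write discussed in the reply is the positional width form `*N$` (as in `%3$*2$s`): it is what makes glibc's positional printf path record a width_arg index for the spec. The following is an added example, not code from the original message or from the affected package; the names scan_format, fmt_report, render_vulnerable and render_safe and the inputs are assumptions constructed for illustration. It does two things a reviewer of such a bug wants: a small scanner that classifies an untrusted string by the printf directives it contains (`%n`, `N$` positional references, and `*N$` width/precision references), and the vulnerable call beside its fix, which is to stop passing caller text as the format at all rather than to rely on -D_FORTIFY_SOURCE=2 as the only barrier.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* What an untrusted string would make printf do if used as the format. */
struct fmt_report {
    int directives;      /* conversion specifications, "%%" excluded */
    int has_n;           /* a %n conversion: printf writes to memory */
    int positional;      /* any %N$ argument reference */
    int star_positional; /* a '*N$' width or precision (the positional width_arg path) */
    int max_index;       /* largest N seen in any N$ */
};

/* If *p points at "N$", consume it, record N in the report and return N (>0). */
static int take_dollar(const char **p, struct fmt_report *r)
{
    const char *q = *p;
    int n = 0;
    if (!isdigit((unsigned char)*q)) return 0;
    while (isdigit((unsigned char)*q)) n = n * 10 + (*q++ - '0');
    if (*q != '$') return 0;
    *p = q + 1;
    if (n > r->max_index) r->max_index = n;
    return n;
}

/* Walk the printf directive grammar: %[N$][flags][width][.precision][length]conv */
struct fmt_report scan_format(const char *fmt)
{
    struct fmt_report r = {0, 0, 0, 0, 0};
    const char *p = fmt;

    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') { p++; continue; }           /* "%%" is a literal percent */
        r.directives++;
        if (take_dollar(&p, &r)) r.positional = 1;  /* %N$ */
        while (*p && strchr("-+ #0'I", *p)) p++;    /* flag characters */
        if (*p == '*') {                            /* width taken from an argument */
            p++;
            if (take_dollar(&p, &r)) r.star_positional = 1;   /* *N$ */
        } else {
            while (isdigit((unsigned char)*p)) p++;
        }
        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') {
                p++;
                if (take_dollar(&p, &r)) r.star_positional = 1;
            } else {
                while (isdigit((unsigned char)*p)) p++;
            }
        }
        while (*p && strchr("hlLqjzt", *p)) p++;    /* length modifiers */
        if (*p == 'n') r.has_n = 1;
        if (*p) p++;                                /* the conversion character */
    }
    return r;
}

/* Thin variadic wrapper so both call shapes below go through the same vsnprintf. */
static int vformat(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* The bug class: caller-controlled text becomes the format string.  'value'
 * stands in for a legitimately supplied vararg so the demo is deterministic. */
int render_vulnerable(char *out, size_t n, const char *untrusted, unsigned value)
{
    return vformat(out, n, untrusted, value);       /* directives in untrusted are honoured */
}

/* The fix: the format is a literal, untrusted text is only ever a %s argument. */
int render_safe(char *out, size_t n, const char *untrusted, unsigned value)
{
    return vformat(out, n, "%s (value=%u)", untrusted, value);
}

int main(void)
{
    const char *samples[] = { "100%% done %s", "%08x", "%n", "%3$*2$s" };  /* constructed */
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct fmt_report r = scan_format(samples[i]);
        printf("%-14s directives=%d n=%d positional=%d star$=%d max=%d\n",
               samples[i], r.directives, r.has_n, r.positional, r.star_positional, r.max_index);
    }
    render_vulnerable(buf, sizeof buf, "%08x", 0xdeadu);
    printf("vulnerable: %s\n", buf);
    render_safe(buf, sizeof buf, "%08x", 0xdeadu);
    printf("safe:       %s\n", buf);
    return 0;
}
```

The scanner is a review aid, not a sanitiser: the only policy that actually holds for untrusted text is that it never reaches the format parameter, which is what render_safe does. The report is still useful when triaging a crash or a log line, since `has_n` and `star_positional` tell you whether the input was shaped to write memory or to reach the positional width handling, as opposed to merely leaking stack contents with `%x`.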



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org