Package: prozilla
Version: 1:1.3.7.3-1
Severity: grave

prozilla has another security hole. A format string vulnerability allows
remote code execution. I've not verified this, but here's the exploit:

http://downloads.securityfocus.com/vulnerabilities/exploits/prozillaFormatString.c

Based on info at the end of this gentoo bug report, the format string
problem involves a double expansion of a string from the server between
message() and curses_message(). In message(), we have:

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);
    switch (rt.display_mode) {
    case DISPLAY_CURSES:
        curses_message(p);

The above vsnprintf is vulnerable to a format string attack. In
curses_message(), we have:

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);

Also vulnerable. There may be others. Upstream is apparently aware of this
vulnerability.

--
see shy jo
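The double expansion the report describes, as an added example that is not prozilla's code and not part of the bug report. It models the hand-off between message() and curses_message(): the first vsnprintf() is fine, the bug is that its output p, which already contains server-supplied text, is then handed to curses_message() as the format, so the server's bytes get parsed as conversion specifications a second time. The fixed variant passes p as an argument behind a constant "%s". The names display_mode, last_curses_line, show_vulnerable, show_fixed and has_format_directive are assumptions for the example; prozilla's rt.display_mode is reduced to a plain variable. The constructed server text uses "%%" because that is the one directive a second expansion can run without undefined behaviour, and it still shows the server controlling the format; a real attack would use %x/%n, which is what has_format_directive() flags.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for prozilla's rt.display_mode (assumed name for the example). */
enum { DISPLAY_CURSES = 1 };
static int display_mode = DISPLAY_CURSES;

/* What curses_message() would have drawn on screen, recorded so it can be
   checked instead of printed. Assumed helper, not from prozilla. */
static char last_curses_line[256];

/* curses_message() as the report describes it: its first parameter is a
   printf-style format, so whatever arrives in it is expanded again. */
static void curses_message(const char *args, ...)
{
    char p[256];
    va_list vp;

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);      /* second expansion */
    va_end(vp);
    snprintf(last_curses_line, sizeof(last_curses_line), "%s", p);
}

/* message() with the hand-off from the report: p already holds
   server-supplied bytes and is passed on as the format string. */
static void message_vulnerable(const char *args, ...)
{
    char p[256];
    va_list vp;

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);      /* first expansion: legitimate */
    va_end(vp);
    switch (display_mode) {
    case DISPLAY_CURSES:
        curses_message(p);                  /* BUG: p becomes a format */
        break;
    }
}

/* Hardened hand-off: the formatted text travels as an argument, so the
   second vsnprintf() only ever sees the constant format "%s". */
static void message_fixed(const char *args, ...)
{
    char p[256];
    va_list vp;

    va_start(vp, args);
    vsnprintf(p, sizeof(p), args, vp);
    va_end(vp);
    switch (display_mode) {
    case DISPLAY_CURSES:
        curses_message("%s", p);
        break;
    }
}

/* Returns 1 if s holds a conversion specification other than the literal
   "%%", i.e. something (%x, %s, %n, ...) that would read or write through
   a missing argument if s were ever used as a format. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is an escaped percent, harmless */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Drive each path with the same server-controlled text and return what
   reached the screen. Assumed wrappers for the example. */
const char *show_vulnerable(const char *server_text)
{
    message_vulnerable("Server said: %s", server_text);
    return last_curses_line;
}

const char *show_fixed(const char *server_text)
{
    message_fixed("Server said: %s", server_text);
    return last_curses_line;
}

int main(void)
{
    /* Constructed server text; "%%" is safe to expand twice and still
       proves the server's bytes are parsed as a format on the second pass. */
    const char *from_server = "50%% off";

    printf("vulnerable: %s\n", show_vulnerable(from_server));
    printf("fixed:      %s\n", show_fixed(from_server));
    printf("\"AAAA%%x%%x%%n\" %s format directives\n",
           has_format_directive("AAAA%x%x%n") ? "contains" : "has no");
    return 0;
}
```

In the vulnerable path the "%%" the server sent collapses to a single "%" on screen, which is the visible trace of the second expansion; with "%x" or "%n" in its place that same pass would read from, or write to, whatever happens to be on the stack, which is the primitive the linked exploit relies on. The fix is the one-token change at the call site: curses_message("%s", p) instead of curses_message(p).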