Package: anon-proxy
Version: 00.02.39-7
Severity: serious
Tags: patch, upstream

The logging code in anon-proxy contains a misuse of the syslog function allowing potential remote compromise of the host it is running upon. (This depends on whether logging is enabled.)

The patch below fixes the issue.

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit

--- CAMsg.cpp-orig 2005-08-29 21:17:42.000000000 +0100 +++ CAMsg.cpp 2005-08-29 21:18:30.000000000 +0100 @@ -124,7 +124,7 @@ { case MSG_LOG: #ifndef _WIN32 - syslog(type,oMsg.m_strMsgBuff); + syslog(type,"%s",oMsg.m_strMsgBuff); #endif break; case MSG_FILE:
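
Review bot: The MSG_FILE case that follows the patched syslog call is cut off by the trailing context, so the hunk does not show whether that branch also hands oMsg.m_strMsgBuff to a printf-family function as the format argument; it should be checked and, if it does, given the same "%s" treatment. The change to the MSG_LOG branch itself is the right fix, since the buffer is now passed as data rather than as the format string. Building CAMsg.cpp with GCC's -Wformat -Wformat-security would flag any remaining call whose format argument is not a string literal.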