On Wed, Apr 04, 2007 at 08:04:52PM +0300, Eddy Petrișor wrote:
> > I tagged this bug as grave+security because it can be used to make
> > elinks load any corrupted file, and possibly execute arbitrary code.
> How? Those are only strings. Nothing is executed from po/mo/gmo files.
Besides the segfault that could potentially be exploited, as was
already answered by Steve Langasek, I can see another attack vector.
Since the attacker has full control of the gettext catalog, I
suspect that some sort of format string attack could be doable (I
haven't tried).
Arnaud
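
An added example, not part of the original message and not elinks or gettext code: a load-time check that a translated string consumes the same printf arguments as its msgid, which is the property a format string attack through a catalog would violate. It assumes the program passes translated strings to printf-style functions; `translation_format_ok` and `next_directive` are hypothetical names, and the check is deliberately strict (it rejects `%n`, `*` widths and positional `N$` arguments outright).

```c
#include <stdio.h>
#include <string.h>

/* Conversions accepted by this check. 'n', '*' and positional "N$" forms are
 * deliberately left out, so any catalog string using them is rejected. */
#define CONVERSIONS "diouxXeEfFgGaAcsp"

/* Find the next printf directive at or after *p and store "<length><conv>"
 * (for example "ld" or "s") in out. Returns 1 if found, 0 at end of string,
 * -1 for a truncated or unsupported directive. "%%" is skipped. */
static int next_directive(const char **p, char out[4])
{
    const char *s = *p;
    while ((s = strchr(s, '%')) != NULL) {
        if (*++s == '%') { s++; continue; }
        s += strspn(s, "-+ #0'");                  /* flags */
        s += strspn(s, "0123456789");              /* width */
        if (*s == '.') s += 1 + strspn(s + 1, "0123456789");  /* precision */
        size_t n = strspn(s, "hlLqjzt");           /* length modifier */
        if (n > 2 || s[n] == '\0' || !strchr(CONVERSIONS, s[n])) return -1;
        memcpy(out, s, n + 1);
        out[n + 1] = '\0';
        *p = s + n + 1;
        return 1;
    }
    return 0;
}

/* Returns 1 when msgstr consumes the same argument types in the same order
 * as msgid, 0 otherwise (hypothetical helper name, not a gettext API). */
int translation_format_ok(const char *msgid, const char *msgstr)
{
    char a[4], b[4];
    for (;;) {
        int ra = next_directive(&msgid, a);
        int rb = next_directive(&msgstr, b);
        if (ra < 0 || rb < 0 || ra != rb) return 0;
        if (ra == 0) return 1;
        if (strcmp(a, b) != 0) return 0;
    }
}

int main(void)
{
    /* Constructed msgid/msgstr pairs, not taken from the elinks catalogs. */
    printf("%d\n", translation_format_ok("Loading %s (%d bytes)", "Chargement de %s (%d octets)"));
    printf("%d\n", translation_format_ok("Loading %s", "Chargement de %s%s%s"));
    printf("%d\n", translation_format_ok("Loading %s", "Chargement de %n"));
    return 0;
}
```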