[ previous ] [ next ] [ threads ]
 From:  "Malte S. Stretz" <msquadrat dot nospamplease at gmx dot net>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  "ez-ipupdate: Format string vulnerability"
 Date:  Thu, 11 Nov 2004 21:13:26 +0100
This [1] just hit the GLSA feed.  From the Full Disclosure Announcement [2]:
| The format string bug allows a malicious remote server to execute
| arbitrary code on the machine running ez-ipupdate, if and only if daemon
| mode is on (very common) and certain service types are used. I have
| attached a trivial patch (against 3.0.11b8) that corrects this problem.
| It proved to be impossible to contact upstream, as all his e-mail
| addresses bounced. The Linux and *BSD vendors that distribute ez-ipupdate
| have been contacted, but so far only Mandrakelinux and SUSE Linux have
| published patched versions.



[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"