 From:  "Malte S. Stretz" <msquadrat dot nospamplease at gmx dot net>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  "ez-ipupdate: Format string vulnerability"
 Date:  Thu, 11 Nov 2004 21:13:26 +0100

This [1] just hit the GLSA feed.  From the Full Disclosure Announcement [2]:
|[...]
| The format string bug allows a malicious remote server to execute
| arbitrary code on the machine running ez-ipupdate, if and only if daemon
| mode is on (very common) and certain service types are used. I have
| attached a trivial patch (against 3.0.11b8) that corrects this problem.
| 
| It proved to be impossible to contact upstream, as all his e-mail
| addresses bounced. The Linux and *BSD vendors that distribute ez-ipupdate
| have been contacted, but so far only Mandrakelinux and SUSE Linux have
| published patched versions.

Cheers,
Malte

[1] http://www.gentoo.org/security/en/glsa/glsa-200411-20.xml
[2] http://lists.netsys.com/pipermail/full-disclosure/2004-November/028590.html

-- 
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      <http://www.catb.org/~esr/faqs/smart-questions.html>