texinfo vulnerability still working in 4.11

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

texinfo vulnerability still working in 4.11

From:	Cody Rester
Subject:	texinfo vulnerability still working in 4.11
Date:	Fri, 16 Nov 2007 08:59:48 -0600

I got around to installing texinfo 4.11 from source this morning, and
the codebase is still vulnerable to a local format string attack.
While texinfo isn't setuid root, and it's still a local (not remote)
attack, this needs to be patched ASAP. Every linux distro that
contains GNU texinfo <= 4.11 has this bug, and if anything were to
ever change, it would be a nice vector for attacking someone's system.
To try out the vulnerability on your system, just type in:

info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."

The data you get back is data off the processor stack, which is NOT
supposed to happen. It's passing a C format string to the program
which is executing it. Hope this gets fixed soon.

Sincerely,
Cody Rester
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

texinfo vulnerability still working in 4.11, Cody Rester <=
- Re: texinfo vulnerability still working in 4.11, Karl Berry, 2007/11/16
  - Re: texinfo vulnerability still working in 4.11, Cody Rester, 2007/11/18
    - Re: texinfo vulnerability still working in 4.11, Karl Berry, 2007/11/18

Prev by Date: texinfo-format-buffer doesn't produce info index properly
Next by Date: Re: texinfo vulnerability still working in 4.11
Previous by thread: texinfo-format-buffer doesn't produce info index properly
Next by thread: Re: texinfo vulnerability still working in 4.11
Index(es):
- Date
- Thread