Bug 18479

Summary: Format string bug in RH5.2's talkd
Product: [Retired] Red Hat Linux
Reporter: Chris Evans <chris>
Component: talk
Assignee: Phil Knirsch <pknirsch>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: 5.2
CC: rvokal
Keywords: Security
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-06-22 15:37:18 UTC

Description Chris Evans 2000-10-05 23:09:52 UTC
NOTE!! Does _not_ affect RH6.0 or newer because of a netkit source change
Just a bug FYI, in case you're still supporting 5.2

See bogus use of fprintf() in announce.c: print_mesg(). "%s" is missing.
May be remotely exploitable.
If I had a RH5.2 machine I'd research this but.... :-)

See Bugtraq post here for someone who spotted this change in the OpenBSD
tree:
http://www.securityfocus.com/archive/1/137482
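
The missing "%s" described in this report, shown as an added example (not code from netkit's announce.c or from the reporter) with the flawed call beside the corrected one. The function names, the message text and the sample caller name are assumptions, and `vsnprintf`/`snprintf` stand in for `fprintf` so the output can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical announcement builder: the peer-supplied name is an argument
 * to a constant format, so this step is safe on its own. */
static void build_mesg(char *buf, size_t n, const char *caller)
{
    snprintf(buf, n, "talk: connection requested by %s", caller);
}

/* Reported pattern, fprintf(tf, mesg): the finished text is used as the
 * format. vsnprintf stands in for fprintf so the result can be inspected;
 * the printf family parses formats the same way. */
static int emit_as_format(char *out, size_t n, const char *mesg, ...)
{
    va_list ap;
    va_start(ap, mesg);
    int r = vsnprintf(out, n, mesg, ap);
    va_end(ap);
    return r;
}

/* Corrected pattern, fprintf(tf, "%s", mesg): constant format, text as data. */
static int emit_as_data(char *out, size_t n, const char *mesg)
{
    return snprintf(out, n, "%s", mesg);
}

/* Build and emit one announcement; fixed selects the corrected call. */
static int render(int fixed, const char *caller, char *out, size_t n)
{
    char mesg[256];
    build_mesg(mesg, sizeof mesg, caller);
    return fixed ? emit_as_data(out, n, mesg) : emit_as_format(out, n, mesg);
}

int main(void)
{
    char out[256];
    /* Constructed input: "%%" is a directive that consumes no argument, so
     * the unfixed call stays well-defined while still showing the parse. */
    render(0, "user%%name", out, sizeof out);
    printf("as format: %s\n", out);
    render(1, "user%%name", out, sizeof out);
    printf("as data:   %s\n", out);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag a direct `fprintf(tf, mesg)` call at compile time.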

Comment 1 Phil Knirsch 2001-08-23 09:58:21 UTC
Thanks for reporting, but 5.2 is now out of the supported systems.

Read ya, Phil

PS: I just took over our internal ownership of this package, so I can't tell you
why a fix hasn't been done earlier. :)