18479 – Format string bug in RH5.2's talkd

Bug 18479 - Format string bug in RH5.2's talkd

Summary: Format string bug in RH5.2's talkd

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	talk
Sub Component:
Version:	5.2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Phil Knirsch
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-10-05 23:09 UTC by Chris Evans
Modified:	2015-03-05 01:08 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2001-06-22 15:37:18 UTC
Embargoed:

Attachments	(Terms of Use)

Description Chris Evans 2000-10-05 23:09:52 UTC

NOTE!! Does _not_ affect RH6.0 or newer because of a netkit source change
Just a bug FYI, in case you're still supporting 5.2

See bogus use of fprintf() in announce.c: print_mesg(). "%s" is missing.
May be remotely exploitable.
If I had a RH5.2 machine I'd reseach this but.... :-)

See Bugtraq post here for someone who spotted this change in the OpenBSD
tree:
http://www.securityfocus.com/archive/1/137482

Comment 1 Phil Knirsch 2001-08-23 09:58:21 UTC

Thanks for reporting, but 5.2 is now out of the supported systems.

Read ya, Phil

PS: I just took over our internal ownership of this package, so i can't tell you
why there hasn't been done a fix earlier. :)

Note You need to log in before you can comment on or make changes to this bug.