A format string bug has been discovered in the Gnats package version 4.0 which could possibly be exploited to execute arbitrary commands.
cfca36ef8b0b5c888ed1009e7585a1649bce8e2d751f4117f5322cc8b06614f1
=================================================================================================
Zone-h Security Advisory Date of discovery : 21 june 2004
http://www.zone-h.org Date of release : 24 june 2004
Bug found by Khan Shirani
shirani [at] zone-h [dot] org , <shirani@zone-h.org>
=================================================================================================
---------------------------------------
Software : GNU Gnats 4.00
Bugs : formats string bug(s)
Risk : low/medium
Platform : *nix
---------------------------------------
Description:
============
GNU GNATS is a set of tools for tracking bugs reported by users to a central site.
It allows problem report management and communication with users via various means.
GNATS stores all the information about problem reports
in its databases and provides tools for querying, editing, and maintenance of the databases.
http://www.gnu.org/software/gnats/
Vulnerability:
==============
A format string bug has been discovered in the Gnats package which
could *possibly* be exploited to execute arbitrary commands.
vulnerable code:
================
----------------------
gnats-4.0\gnats\misc.c
#ifdef HAVE_SYSLOG_H
case SYSLOG:
syslog (severity, buf);
break;
#endif
----------------------
Vendor Notice:
==============
The Gnats team has been notified of the discoveries via <bug-gnats@gnu.org>
No patch is available at this time
Copyright
=========
Contents may not be altered without notification to orignial author
permission is granted to reproduce this advisory on public databases.
shirani@zone-h.org
and all the zone-h team, http://www.zone-h.org
(special greets to siegfried..)