Cfingerd Patch

Listing 6.1 provides a patch for the cfinger daemon to eliminate a vulnerability related to processing formatted strings.

Listing 6.1: The cfingerd patch

 snprintf(syslog_str, sizeof(syslog_str),         "%s fingered (internal) from %s", username, ident_user); - syslog(LOG_NOTICE, (char *) syslog_str);       // User input                                                  // in the format argument + syslog(LOG_NOTICE, "%s", (char *) syslog_str); // Explicit specification                                                  // of the format argument

Table of content

Shellcoders Programming Uncovered (Uncovered series)

ISBN: 193176946X
EAN: 2147483647

Year: 2003
Pages: 164

Authors: Kris Kaspersky

BUY ON AMAZON

A Practitioners Guide to Software Test Design

The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]

The Java Tutorial: A Short Course on the Basics, 4th Edition

Mapping Hacks: Tips & Tools for Electronic Cartography

Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing

The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity