> Debian Security Advisory DSA 1024-1 [EMAIL PROTECTED]
> Package : clamav
> CVE-2006-1615
> Format string vulnerabilities in the logging code have been discovered,
> which might lead to the execution of arbitrary code.

Is this about the strange looking syslog calls in shared/output.c?
I have found them too (boast boast), and I believe that they are no
vulnerabilities at all, as the offending data will always pass through
this construct:

    while((pt = strchr(vbuff, '%'))) *pt = '_';

(For the non-programmers out there, it changes all instances of "%" in
vbuff to "_".)

// Ulf Harnhammar
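The construct quoted in the message above, shown in context as an added example that is not part of the original post and is not ClamAV's code: a message is formatted into a buffer, every '%' is replaced with '_', and only then could the buffer be handed to syslog() as its format argument. The function names (neutralize_percent, build_log_line, log_line) and the sample strings are assumptions made for illustration; log_line shows the constant "%s" format, which does not depend on the replacement loop at all.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* The loop from the message: replace every '%' in vbuff with '_'.
 * Returns how many characters were replaced (hypothetical helper). */
static size_t neutralize_percent(char *vbuff)
{
    char *pt;
    size_t replaced = 0;

    while ((pt = strchr(vbuff, '%'))) {
        *pt = '_';
        replaced++;
    }
    return replaced;
}

/* Format a log line into out, then neutralize it. After this call the
 * buffer holds no conversion specifiers, so syslog(prio, out) would be
 * interpreted as plain text. Returns the number of '%' replaced, or -1. */
static int build_log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (outlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);   /* always NUL-terminates */
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return (int)neutralize_percent(out);
}

/* Constant format string: the message is data only, '%' is logged as-is. */
static void log_line(const char *msg)
{
    syslog(LOG_INFO, "%s", msg);
}

int main(void)
{
    char vbuff[128];

    /* Constructed sample: untrusted names containing '%' sequences. */
    build_log_line(vbuff, sizeof vbuff, "%s: %s FOUND", "a%n.exe", "Test%x");
    log_line(vbuff);
    return 0;
}
```

The replacement loop changes what gets logged ("a_n.exe" instead of "a%n.exe"), while the constant "%s" form keeps the original text and stays safe if a later code path forgets the loop.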