On Sat, Sep 07, 2002 at 11:39:07AM +0300, Guy Cohen wrote:
> Secprog lesson 101...
> here's a little format string vuln
> ./sct_parselib/logger.cpp: syslog(LOG_ERR, msg);
> should be: syslog(LOG_ERR, "%s", msg);

You're absolutely right, fixed in CVS. I should note that this code is never used currently.
-- 
Muli Ben-Yehuda syscalltrack hacker-at-large
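The fix discussed in this thread, as an added example that is not part of the original messages or the syscalltrack source: the message is passed as a `"%s"` argument so its `%` characters stay data. The names `render`, `log_error`, `logged_verbatim` and `count_directives` are hypothetical, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper: formats the way syslog() would, but into a buffer. */
__attribute__((format(printf, 3, 4)))
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Fixed call from the thread: msg is an argument, never the format. */
void log_error(const char *msg)
{
    syslog(LOG_ERR, "%s", msg);
}

/* Returns 1 if msg comes out byte-for-byte when passed as a "%s" argument. */
int logged_verbatim(const char *msg)
{
    char buf[256];
    int n = render(buf, sizeof buf, "%s", msg);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, msg) == 0;
}
/* Counts '%' that syslog(LOG_ERR, msg) would parse as a directive ("%%" is literal). */
int count_directives(const char *msg)
{
    int n = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *msg = "disk 90% full, user=%x%n"; /* constructed sample input */
    printf("directives if used as format: %d\n", count_directives(msg));
    printf("verbatim via \"%%s\": %d\n", logged_verbatim(msg));
    log_error(msg);
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` flags the original `syslog(LOG_ERR, msg);` form at compile time, since the format is not a string literal and no arguments follow it.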