[VIM] Re: Iron Bars SHell format string - two, not one

Steven M. Christey coley at mitre.org
Tue May 24 23:55:34 EDT 2005


What happens when the mistake-finders make their own mistakes?

While there is a fix in log_attempt() in misc.c that's relevant to
format strings and syslog, there's only one usage of log_attempt, with
a username that's obtained from the password file, so there's no real
vulnerable code path.

- Steve

