[VIM] Re: Iron Bars SHell format string - two, not one
jericho at attrition.org
Wed May 25 01:20:58 EDT 2005
: What happens when the mistake-finders make their own mistakes?
: While there is a fix in log_attempt() in misc.c that's relevant to
: format strings and syslog, there's only one usage of log_attempt, with a
: username that's obtained from the password file, so there's no real
: vulnerable code path.
So two format string issues. One is not used anywhere? The other is used
in a single place but offers no way for a user to inject their own
content, as it comes from the password file?
If so, those are programming bugs but not vulnerabilities it sounds like..
More information about the VIM