• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Super Local Format String Vulnerability

super is prone to a locally exploitable format string vulnerability. The problem occurs due to the incorrect usage of programming functions designed to take formatted arguments.

Because of this, attacker supplied format specifiers will be interpreted literally by the vulnerable program. This vulnerability may provide a conduit for an attacker to influence arbitrary writes into process memory space. Ultimately this vulnerability may be exploited in order to have arbitrary code executed with superuser privileges.

**Update: This issue was originally believed to be a duplicate of BID 5367, however further reports indicate that this is not the case. Therefore this BID is reinstated.