• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU GNATS Syslog() Format String Vulnerability

It is reported that GNU GNATS contains a format string vulnerability in its logging function.

GNATS has the ability to log to various files: stderr, syslog() or a file.

If an attacker devises a method of controlling the arguments to the logging function, they would be able to read or write arbitrary locations in memory. Code execution could be possible.

GNU GNATS version 4.0 is reported vulnerable. Other version may also be affected.

NOTE: It has been reported that this issue is not exploitable due the application never passing user-supplied data to the affected formatted printing function. This is not verified, however, if it the case this issue is not exploitable. This BID will be updated when more information becomes available.