[maemo-developers] format string vuln in the wifi "applet"
From: pancake pancake at youterm.com
Date: Wed May 2 17:58:30 EEST 2007
One year ago I found a security hole in the wifi applet, which incorrectly interprets the ESSID of the associated access point.

This is

    sprintf(buf, access_point_name);

and should be

    snprintf(buf, BUFSIZE, "%s", access_point_name);

Well, these lines are in my mind (not in the maemo code), but I was unable to find the vuln line in the huge number of C files.

I reported that one year ago at GUADEC personally to a Nokia developer, but it seems that this bug is still there. Please fix it :)

NOTE: I was unable to exploit this bug, but try setting up an access point with name "a%ea" or so :)

Have phun

--pancake
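
The fix described in the message above, as an added example (not code from the maemo applet or from the original post): the ESSID is only ever an argument to a constant format string, and every write is bounded. It goes beyond the snippet in the post by also handling ESSIDs that are not NUL-terminated or contain non-printable bytes; essid_to_label and LABEL_MAX are hypothetical names.

```c
/* Added example, not maemo code. Build with
 *     gcc -Wall -Wformat -Wformat-security
 * so the compiler flags a non-literal format such as the UNSAFE line. */
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 64   /* assumed size of the UI label buffer */

/* UNSAFE pattern from the report, kept as a comment so it never runs:
 *     sprintf(buf, access_point_name);
 * The ESSID is used as the format, so the "%e" in "a%ea" makes sprintf
 * fetch a double that was never passed, and nothing bounds the write. */

/* Copy an ESSID (raw bytes, not necessarily NUL-terminated) into a label
 * as data. Bytes outside printable ASCII, and the backslash itself, are
 * written as \xNN. Returns 0 on success, -1 if the label is too small. */
int essid_to_label(char *out, size_t outsz,
                   const unsigned char *essid, size_t len)
{
    size_t used = 0;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < len; i++) {
        unsigned c = essid[i];
        int n;
        /* Constant formats only; the ESSID byte is always an argument. */
        if (c >= 0x20 && c < 0x7f && c != '\\')
            n = snprintf(out + used, outsz - used, "%c", (int)c);
        else
            n = snprintf(out + used, outsz - used, "\\x%02x", c);
        if (n < 0 || (size_t)n >= outsz - used) {
            out[used] = '\0';   /* drop the partial item, report truncation */
            return -1;
        }
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char label[LABEL_MAX];
    const char *essid = "a%ea";   /* the name suggested in the post */
    if (essid_to_label(label, sizeof label,
                       (const unsigned char *)essid, strlen(essid)) == 0)
        printf("ESSID: %s\n", label);   /* shows the name literally */
    return 0;
}
```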