[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B)
> Due to the way requests are logged the only way to exploit this
> vulnerability is through setting the DNS name of the fingering host to the
> attacker supplied format string.
I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) did not allow % within domain
names and so your format string vulnerability is not exploitable at all...