You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Manoj Kasichainula <ma...@io.com> on 2003/09/01 22:27:29 UTC

Re: Possible security flaw! (Format BUG)

On Sun, Aug 31, 2003 at 06:24:04AM -0300, Ranier Vilela wrote:
> Hello All,
> I tested the source code of httpd-2.0.47, with tool pscan (format bug 
> scanner) and possible
> security flaws is found!
> Please, anybody can check if this is real problem of security?

This kind of vulnerability is only exposed when there is a format string
under the control of an unauthorized user.

It looked like all the format strings in your patches were literals and
aren't controlled by users, so they wouldn't be exploitable.