Hi,
I agree with Olaf. Both format strings and buffer overflow in Rotor.cpp
could allow user-assisted remote attackers to execute arbitrary code, if
flightgear's users download material (aircraft, airports, etc.) from an
untrusted web page or even an e-mail. Take a look at a vulnerability I
found

Hi Curtis,
Here I send details about buffer overflows I commented before:
The first one is in flightgear/src/FDM/YASim/Rotor.cpp
line 271 int Rotor::getValueforFGSet(int j,char *text,float *f)
{
.
.
.
line 277

Hi Andres,
thanks for pointing these out. We have been chasing and replacing
(s)(n)printfs in our code over the years but not at a high priority.
Every time I (and others) are working on a file and stumble upon a
printf, we try to replace this with more robust code.
This is low priority,

Hi Torsten,
I am quite sure Flightgear has remotely exploitable bugs.
Think about social attack vectors like custom sceneries, special interest
aircraft models. And the multiplayer protocol, or the httpd server
Running malicious code in user context is bad enough...
Olaf
This is low