I got around to installing texinfo 4.11 from source this morning, and the codebase is still vulnerable to a local format string attack. While texinfo isn't setuid root, and it's still a local (not remote) attack, this needs to be patched ASAP. Every Linux distro that contains GNU texinfo <= 4.11 has this bug, and if anything were to ever change, it would be a nice vector for attacking someone's system. To try out the vulnerability on your system, just type in:

info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."

The data you get back is data off the processor stack, which is NOT supposed to happen. It's passing a C format string to the program which is executing it. Hope this gets fixed soon.

Sincerely,
Cody Rester
[EMAIL PROTECTED]
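
The bug class the message describes, next to its fix, as an added example that is not part of the original message and is not texinfo's code. The report() helper, the function names and the sample file name are hypothetical; the "%%" input shows the string being interpreted as a format without reading any stray stack values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reporter (not texinfo's function). Declaring it
   with __attribute__((format(printf, 3, 4))) lets GCC/Clang flag the
   vulnerable call below when -Wformat-security is enabled. */
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* BUG: the untrusted name is used as the format string itself. */
int report_vulnerable(char *out, size_t n, const char *name)
{
    return report(out, n, name);
}

/* FIX: constant format string; the name is only ever data. */
int report_fixed(char *out, size_t n, const char *name)
{
    return report(out, n, "%s", name);
}

/* Audit helper: count conversions other than "%%" in an untrusted string. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++)   /* step past the character after '%'; "%%" is literal */
        if (*s == '%' && s[1] != '\0' && *++s != '%')
            count++;
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *name = "50%%.texi";        /* constructed sample input */
    report_vulnerable(a, sizeof a, name);  /* "%%" is interpreted as a directive */
    report_fixed(b, sizeof b, name);       /* name is copied verbatim */
    printf("vulnerable: %s\nfixed: %s\nconversions: %d\n",
           a, b, count_conversions("%x.%x."));
    return 0;
}
```

The fixed form returns the name byte for byte, including any "%x" sequences; the vulnerable form collapses "%%" to "%", which is the same interpretation step that turns "%x" into a read of whatever argument slot comes next.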
