Package: pscan
Version: 1.2-4
Severity: normal

pscan fails to catch an obvious format string vulnerability in the
following example program:

pacem:/tmp$ cat foo.c
#include <stdio.h>
int main(int argc, char **argv)
{
    char b[128];
    snprintf(b, sizeof(b), argv[1]);
    return 0;
}
pacem:/tmp$ pscan -vv foo.c
Scanning foo.c ...
pacem:/tmp$ echo $?
0
pacem:/tmp$ gcc -Wall -o foo foo.c
pacem:/tmp$ ./foo bar
pacem:/tmp$ ./foo %n
Segmentation fault (core dumped)
pacem:/tmp$
--
,''`.
: :' : Romain Francoise <[EMAIL PROTECTED]>
`. `' http://people.debian.org/~rfrancoise/
`-
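
The check the report expects from a scanner, as an added example (not pscan's code and not part of the original message): it flags printf-family calls whose format argument is not a string literal, using the correct argument position for each function. The function table and sample line 6 are assumptions made for this sketch, and it does not handle comments, character literals or macros.

```python
import re

# 0-based index of the format argument; snprintf(buf, size, fmt, ...) is 2.
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2,
              "vprintf": 0, "vfprintf": 1, "vsprintf": 1, "vsnprintf": 2}
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(FORMAT_ARG))
STRING_RE = re.compile(r'"(?:\\.|[^"\\\n])*"')  # a C string literal

# foo.c from the report, plus one constructed line (line 6) with the fixed call.
SAMPLE = '''#include <stdio.h>
int main(int argc, char **argv)
{
char b[128];
snprintf(b, sizeof(b), argv[1]);
snprintf(b, sizeof(b), "%s", argv[1]);
return 0;
}
'''

def split_args(src, pos):
    """Split a call's arguments at top-level commas; pos is just past '('."""
    args, cur, depth = [], "", 0
    for c in src[pos:]:
        if c in "([":
            depth += 1
        elif c in ")]":
            if depth == 0:          # closing paren of the call itself
                return args + [cur.strip()]
            depth -= 1
        elif c == "," and depth == 0:
            args.append(cur.strip())
            cur, c = "", ""         # start the next argument, drop the comma
        cur += c
    return []                       # unterminated call: nothing to check

def find_nonliteral_formats(src):
    """Return (line, function, argument) for each non-literal format argument."""
    src = STRING_RE.sub('""', src)  # blank literals so their contents are ignored
    findings = []
    for m in CALL_RE.finditer(src):
        func, args = m.group(1), split_args(src, m.end())
        idx = FORMAT_ARG[func]
        if idx < len(args) and not args[idx].startswith('"'):
            findings.append((src.count("\n", 0, m.start()) + 1, func, args[idx]))
    return findings

if __name__ == "__main__":
    for line, func, arg in find_nonliteral_formats(SAMPLE):
        print(f"foo.c:{line}: {func}: format argument is not a literal: {arg}")
```

GCC's -Wformat-security option reports the same pattern at compile time; it is not part of -Wall.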