Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 May 2013 15:48:36 +0000
From: "Christey, Steven M." <coley@...re.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"kseifried@...hat.com" <kseifried@...hat.com>, "andresgomezram7@...il.com"
	<andresgomezram7@...il.com>
Subject: RE: Flightgear remote format string

Andrés,

Here is my interpretation of the problem.  I believe there is some confusion because people don't usually think that a flight simulator could be accessible from a "remote" location.

Is the following correct?

1) The Flightgear package includes a network server.  This server can be run using fgfs.exe and specifying a port number using the "-telnet" argument, for example.

2) The format string problem is in the server.

3) Your exploit makes a connection to the server (on port 5501).

4) The exploit sends a number of format strings in the cloud names (using the "property tree").  For some reason, it sends the same command 5 times, and it sends this command for "layers" 1 through 5. 

5) The exploit causes the server to crash.

- Steve

>-----Original Message-----
>From: Andrés Gómez Ramírez [mailto:andresgomezram7@...il.com]
>Sent: Thursday, May 02, 2013 11:13 AM
>To: kseifried@...hat.com
>Cc: oss-security@...ts.openwall.com
>Subject: Re: [oss-security] Flightgear remote format string
>
>>
>> So it's not on by default? Is there any documentation specifically you
>> can point me to regarding enabling/securing it?
>>
>
>Hi,
>the detailed info is in the reference:
>
>http://kuronosec.blogspot.com/2013/04/flightgear-remote-format-
>string.html
>
>if you need more info, please let me know.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.