oss-security - Flightgear remote format string

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAGVYHsXtMODq8-EnmObam0OB8AzbvtSthA0Jkfz6SO=zh4wQmA@mail.gmail.com>
Date: Tue, 30 Apr 2013 11:11:26 -0500
From: Andrés Gómez Ramírez <andresgomezram7@...il.com>
To: oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: Flightgear remote format string

Hi,

Introduction:

FlightGear is an open-source flight simulator.  It supports a variety of
popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled
volunteers from around the world.  Source code for the entire project is
available and licensed under the GNU General Public License.

Bug:

Flightgear allows remote control through Property tree.  It is vulnerable
to remote format string vulnerability when some special parameters related
with clouds are changed.  This could allow to crash the application or
potentially execute arbitrary code under certain conditions.

Fix:

No fix.

References:

http://kuronosec.blogspot.com/2013/04/flightgear-remote-format-string.html

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.