search for: 028_format_strings

...g vulnerabilities. This allows local attackers to execute arbitrary code and thereby escalate privileges to root level. -------------------------- Since this vulnerability is so old, and a patch for it has been known to exist for almost as long (ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch), I would conclude that this likely is no longer a problem, and the Foundstone scan result is a false positive. However, I've been unable to find documented evidence that this has been fixed. Does anyone know for sure and/or can point me to the proof? Thanks in advance, Darryle -- ___...