Displaying 1 result from an estimated 1 matches for "mrdkaaa".
Did you mean:
mrdata
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html
This Mrdkaaa character claims to have exploited this, but does not say
how.
The issue is that if do_pam_account() fails, do_authloop() will call
packet_disconnect() with loginmsg as the format string (classic
printf(foo) instead of printf("%s", foo) bug).
The stuff that do_authloop() appends to logi...