Author: JT Smith
From Linux Weekly News: ” format string vulnerability exists in the locale subsystem. The
locale subsystem consists of databases that contain language and
country specific information. Whenever a program needs to display a
message to a user, it accesses a database within the subsystem and
retrieves the proper language-specific string using the original
message as the search key. The string(s) retrieved by the program are
displayed using printf(). It is possible for an attacker to control
the output by building and installing a custom database.”
locale subsystem consists of databases that contain language and
country specific information. Whenever a program needs to display a
message to a user, it accesses a database within the subsystem and
retrieves the proper language-specific string using the original
message as the search key. The string(s) retrieved by the program are
displayed using printf(). It is possible for an attacker to control
the output by building and installing a custom database.”
Category:
- Linux