1 |
On Tuesday 31 January 2012 16:19:53 Javier Juan Martínez Cabezón wrote: |
2 |
> Systems compiled with -D_Fortify_source=2 are not vulnerable. If I'm not |
3 |
> wrong it's a format string vulnerability. |
4 |
|
5 |
Not very sure about it. From the original advisory: |
6 |
|
7 |
he above example shows the result of FORTIFY_SOURCE which makes explotitation |
8 |
painful but not impossible (see [0]). Without FORTIFY_SOURCE the exploit is |
9 |
straight forward. |
10 |
|
11 |
-- |
12 |
Agostino Sarubbo ago -at- gentoo.org |
13 |
Gentoo/AMD64 Arch Security Liaison |
14 |
GPG: 0x7CD2DC5D |