| 1 |
On Tuesday 31 January 2012 16:19:53 Javier Juan Martínez Cabezón wrote: |
| 2 |
> Systems compiled with -D_Fortify_source=2 are not vulnerable. If I'm not |
| 3 |
> wrong it's a format string vulnerability. |
| 4 |
|
| 5 |
Not very sure about it. From the original advisory: |
| 6 |
|
| 7 |
he above example shows the result of FORTIFY_SOURCE which makes explotitation |
| 8 |
painful but not impossible (see [0]). Without FORTIFY_SOURCE the exploit is |
| 9 |
straight forward. |
| 10 |
|
| 11 |
-- |
| 12 |
Agostino Sarubbo ago -at- gentoo.org |
| 13 |
Gentoo/AMD64 Arch Security Liaison |
| 14 |
GPG: 0x7CD2DC5D |
Archives