Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent malicious users to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freebsd freebsd 6.0 |
||
netbsd netbsd 4.0 |
||
freebsd freebsd 6.0_p5_release |
||
freebsd freebsd 7.0 |
||
freebsd freebsd 7.0_beta4 |
||
freebsd freebsd 7.0_releng |