5842219 2000-12-08 08:43 -0800  /30 rader/ c0ncept <c0ncept@HUSHMAIL.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-10  23:49  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: c0ncept@HUSHMAIL.COM
Mottagare: Bugtraq (import) <14120>
Ärende: format string in ssl dump
------------------------------------------------------------
From: c0ncept <c0ncept@HUSHMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <OHEKJNEDFKNEKKGBEMIJGEGPCCAA.c0ncept@hushmail.com>

Sorry if this has already got posted.

Seeweed found this in ssldump the other day.  The follwoing text is
from his website (http://dropwire.dhs.org/~seeweed/):


SSLDUMP is a program witch is simallar to tcpdump, but also adds
encryption to its network debugging procedures..It captures traffic
then decodes it to stdout ... Overall it is a great program to use
when finding out where something went wrong or just to see what your
buddy's encryption he has choosen to use was

Here is the bug I have found...(the Author has been notified..)

1) Run SSLDUMP (needs you to be root unless setuid)

2)Open Up Netscape Navigator it)

3) Type the following in Netscape Navigator: fixme:%s%s%s%s%s%s


4) watch as ssldump with gather the traffic then segfault..

--c0ncept
(5842219) --------------------------------(Ombruten)