26th Sep 2002 [SBWID-4957]
COMMAND
	Perdition format string vulnerability
SYSTEMS AFFECTED
	Perdition 0.1.8 (libvanessa_logger 0.0.1)
PROBLEM
	GOBBLES Security reported [http://www.bugtraq.org/] :
	--snip--
	There exists a format string vulnerability in libvanessa_logger  library
	used by program perdition which  allow  remote  penetrator  to  takeover
	admin's server and he emails :(
	
	  $ id
	  uid=1001(GOBBLES) gid=1001(GOBBLES) groups=1001(GOBBLES)
	  $ #  just making sure we are unpriviledged user!
	  $
	  $ telnet 0 110
	  Trying 0.0.0.0...
	  Connected to 0.
	  Escape character is '^]'.
	  +OK POP3 Ready freegobbles.bugtraq.org
	  USER GOBBLES_IS_TAKING_A_WALK_ON_HE_STACK->%p-%p-%p
	  +OK USER GOBBLES_IS_TAKING_A_WALK_ON_HE_STACK->%p-%p-%p set
	  PASS HEHEHE!
	
	In systemlogs logged by program syslogd, GOBBLES notices:
	
	  Dec 18 06:23:36 freegobbles perdition[42804]: Connect: user="GOBBLES_IS_TAKING_A_WALK_ON_HE_STACK->0x8053140-0xbfbffb78-0x2807cc6c" server="(null)" port="110"
	
	While playing around a bit stupid program perdition suddenly dies :-(
	 
	  Dec 18 16:24:53 freegobbles perdition[42898]: Exiting on signal 11
	
	GOBBLES Labs find it to be  very  difficult  bug  to  exploit  but  then
	GOBBLES member Simon came up with clever thing and  8  hours  later  our
	team got a bash# from it hehehe.
	GOBBLES won't release an exploit this time because perdition  appear  to
	be widely used (music&spam site mp3.com use perdition  program)  and
	there are plenty of rpms, debs etc with  indirect  vulnerable  perdition
	program out there.
	--snap--
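
A log triage sketch for the symptoms shown in the report above, added here as an example (it is not part of the GOBBLES report, the advisory, or perdition). It flags perdition syslog lines where a username still carries a printf directive, where a username holds several pointer-like hex values, or where the daemon exits on signal 11; the regexes, the label names, and the `mailhost` sample lines are constructed assumptions.

```python
import re

# Lines 1-2 are the syslog entries quoted in the report; lines 3-4 are
# constructed (a host that logs the directive literally, and a normal login).
SAMPLE_LOG = """\
Dec 18 06:23:36 freegobbles perdition[42804]: Connect: user="GOBBLES_IS_TAKING_A_WALK_ON_HE_STACK->0x8053140-0xbfbffb78-0x2807cc6c" server="(null)" port="110"
Dec 18 16:24:53 freegobbles perdition[42898]: Exiting on signal 11
Dec 19 09:10:02 mailhost perdition[5120]: Connect: user="probe-%p-%p-%p" server="(null)" port="110"
Dec 19 09:11:40 mailhost perdition[5121]: Connect: user="alice" server="imap1" port="110"
"""

# Assumed layout, from the quoted entries: "<ts> <host> perdition[<pid>]: <msg>"
LINE = re.compile(r'^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) perdition\[(?P<pid>\d+)\]: (?P<msg>.*)$')
USER = re.compile(r'user="(?P<user>[^"]*)"')
# printf-style conversion: flags, width, precision, length modifier, conversion char.
DIRECTIVE = re.compile(r'%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGcspn]')
POINTER = re.compile(r'0x[0-9a-fA-F]{6,16}')
SIGSEGV = re.compile(r'Exiting on signal 11\b')


def classify(line):
    """Return (host, pid, label) for a suspicious perdition line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    host, pid, msg = m["host"], m["pid"], m["msg"]
    if SIGSEGV.search(msg):
        return (host, pid, "crash-sigsegv")
    u = USER.search(msg)
    if not u:
        return None
    user = u["user"]
    # Directive reached the log unexpanded: someone sent one, and this logging
    # path did not interpret it. Names like user%domain also match (%d).
    if DIRECTIVE.search(user):
        return (host, pid, "directive-logged-literally")
    # Several pointer-sized hex values in a username: consistent with %p having
    # been expanded by a vulnerable syslog() call, as in the quoted entry.
    if len(POINTER.findall(user)) >= 2:
        return (host, pid, "possible-expanded-directive")
    return None


def scan(text):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, text.splitlines()) if hit]


if __name__ == "__main__":
    for host, pid, label in scan(SAMPLE_LOG):
        print(f"{host} perdition[{pid}]: {label}")
```

Hits are triage leads rather than verdicts: correlate a `possible-expanded-directive` line with a later `crash-sigsegv` on the same host before escalating.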
SOLUTION
	As a temporary fix GOBBLES modified libvanessa_logger.c:
	 
	-      syslog(priority, vl->buffer);
	+      syslog(priority, "%s", vl->buffer);
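
Review bot: the constant "%s" format on the + line fixes only this one syslog() call, and the hunk does not show whether vl->buffer is passed as the format argument to any other printf-style function in libvanessa_logger.c. Audit every other use of vl->buffer for the same pattern and give each a constant format string. Building with -Wformat -Wformat-security will flag any remaining call that passes a non-literal format with no arguments.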
	
	FreeBSD upgrade :
	
	    vanessa_logger 0.0.2 is available from
	    ftp://ftp.vergenet.net/pub/vanessa/vanessa_logger/0.0.2
	
	
