CNET News.com: Unix, Linux computers vulnerable to damaging new attacks
Sep 07, 2000, 19:59
(Other stories by Stephen Shankland)
"Security experts have uncovered a new class of vulnerabilities in Unix and Linux systems that let attackers take full control of computers."
"These 'format string' vulnerabilities started surfacing about two months ago, said Elias Levy, a moderator of the Bugtraq computer security mailing list. Some of them have lurked for years in basic Unix programs, but security experts only now have begun to find and fix them."
"To take advantage of a format string vulnerability, an attacker gets a computer to display a string of text characters with formatting commands. By carefully manipulating the formatting commands, the attacker can trick the computer into running a program...."
"Fans of Unix and its close relative, Linux, pride themselves on the general security of their operating systems compared with Microsoft Windows, which has been plagued with security problems. But the format string issue highlights the fact that weaknesses can lurk for years within software and that it's hard to track them down among hundreds of thousands of lines of programming code."
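The coding mistake behind this class of bug, shown beside its fix, as an added example that is not from the CNET article or from any affected program. The function names and the sample input are assumptions constructed for illustration; the input uses only `%%`, which has defined behaviour, to show that the unsafe call interprets its text as formatting commands.

```c
#include <stdio.h>
#include <string.h>

/* Defensive check: count printf-style directives in a string.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }  /* escaped percent */
        n++;
    }
    return n;
}

/* BEFORE: the untrusted text is itself the format string, so any
 * directive in it is executed by the formatter. Compilers flag this
 * with -Wformat-security; the pragmas silence that for the demo. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_unsafe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* AFTER: the format is a constant; the untrusted text is only data. */
int render_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

int main(void) {
    /* Constructed sample input. Only "%%" is passed to render_unsafe:
     * other directives with no matching argument are undefined behaviour. */
    const char *input = "load 100%% ok";
    char a[64], b[64];

    render_unsafe(a, sizeof a, input);
    render_safe(b, sizeof b, input);
    printf("unsafe: [%s]\nsafe:   [%s]\n", a, b);
    printf("directives in \"%%x.%%x.%%n\": %d\n",
           count_directives("%x.%x.%n"));
    return 0;
}
```

Building with `-Wformat -Wformat-security` and without the pragmas makes the compiler report the `render_unsafe` call, which is how this pattern is usually found in existing code.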