CNET News.com: Unix, Linux computers vulnerable to damaging new attacks

“Security experts have uncovered a new class of vulnerabilities
in Unix and Linux systems that let attackers take full control of

“These “format string” vulnerabilities started surfacing about
two months ago, said Elias Levy, a moderator of the Bugtraq
computer security mailing list. Some of them have lurked for years
in basic Unix programs, but security experts only now have begun to
find and fix them.”

“To take advantage of a format string vulnerability, an attacker
gets a computer to display a string of text characters with
formatting commands. By carefully manipulating the formatting
commands, the attacker can trick the computer into running a

Fans of Unix and its close relative, Linux, pride
themselves on the general security of their operating systems
compared with Microsoft Windows, which has been plagued with
security problems. But the format string issue highlights the fact
that weaknesses can lurk for years within software and that it’s
hard to track them down among hundreds of thousands of lines of
programming code.
