Hello, > Due to the way requests are logged the only way to exploit this > vulnerability is through setting the DNS name of the fingering host to the > attacker supplied format string. I really wonder how you want to exploit this... Last time I checked all tested resolvers (Linux/BSD/Solaris) did not allow % within domain names and so your format string vulnerability is not exploitable at all... Stefan Esser
