Bug 22496

Summary: [SECURITY] Yet another top(1) format string vulnerability
Product: Base System Reporter: Przemyslaw Frasunek <venglin>
Component: binAssignee: Warner Losh <imp>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1.1-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Przemyslaw Frasunek 2000-11-02 07:10:01 UTC 
	Vulnerability very similar to FreeBSD-SA-00:62, just few lines below
	in top.c, but still not fixed.

How-To-Repeat: 
	1. Run top
	2. Press 'r'
	3. Type '20 %n'
	4. Segfault
Comment 1 Johan Karlsson freebsd_committer freebsd_triage 2000-11-03 21:45:17 UTC 
Responsible Changed
From-To: freebsd-bugs->imp

Over to Warner who fixed the other new_message call.
Comment 2 Warner Losh freebsd_committer freebsd_triage 2000-11-03 22:00:55 UTC 
State Changed
From-To: open->closed

I fixed this.  Grump.  I must have missed thie the first time.