Title: Foundstone Fscan Format String Bug
A flaw in Foundstone Fscan could result in a malicious service
banner overwriting the stack and the EIP on the PC performing the
scanning.
If banner grabbing is turned on, Fscan passes the banner string to the
output routine directly as the format string instead of printing it through
a format specifier (%s). This causes any %'s in the banner to be interpreted
as format specifiers, so the scanned host controls the format string.
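The following C example is added here to illustrate the defect class the advisory describes and the corrected pattern; it is not Fscan's code, and the sample banner and host string are constructed. It contrasts the unsafe call shape (banner used as the format string, shown only in a comment) with the safe one (constant format, banner as an argument), and adds two defensive helpers a scanner or log collector can apply to untrusted banners: counting the '%' directives that would be honoured if the string ever reached a format API, and doubling every '%' so the string is inert in such a context.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample banner (not a real service reply): a banner that
   carries format directives, the input the advisory warns about. */
static const char SAMPLE_BANNER[] = "220 mail %x %x %n ready";

/* Count '%' characters that a format-string API would treat as directives.
   "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *banner) {
    int n = 0;
    for (const char *p = banner; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }   /* literal "%%" */
            n++;
        }
    }
    return n;
}

/* Convenience check for a banner-grabbing loop: flag before logging. */
int banner_is_suspicious(const char *banner) {
    return count_format_directives(banner) > 0;
}

/* The unsafe shape described in the advisory (never do this):
 *     printf(banner);
 * The banner becomes the format string, so "%x"/"%n" inside it are honoured.
 * The fix: the format string is a compile-time constant and the banner is
 * passed as a plain argument. Returns the number of bytes written. */
int print_banner_safely(FILE *out, const char *host, const char *banner) {
    return fprintf(out, "%s: %s\n", host, banner);
}

/* Neutralise '%' for strings that may later reach an API taking a format
   (e.g. a logging wrapper). Returns a heap copy with every '%' doubled;
   the caller frees it. NULL on allocation failure. */
char *escape_percent(const char *banner) {
    size_t len = strlen(banner), extra = 0;
    for (size_t i = 0; i < len; i++)
        if (banner[i] == '%') extra++;
    char *out = malloc(len + extra + 1);
    if (!out) return NULL;
    char *q = out;
    for (size_t i = 0; i < len; i++) {
        *q++ = banner[i];
        if (banner[i] == '%') *q++ = '%';
    }
    *q = '\0';
    return out;
}

int main(void) {
    /* Hypothetical host:port label for the sample; not from the advisory. */
    const char *host = "192.0.2.10:25";
    printf("directives in banner: %d\n", count_format_directives(SAMPLE_BANNER));
    print_banner_safely(stdout, host, SAMPLE_BANNER);
    char *e = escape_percent(SAMPLE_BANNER);
    if (e) { printf("escaped: %s\n", e); free(e); }
    return 0;
}
```

With the sample banner, count_format_directives reports 3 and print_banner_safely writes the banner verbatim, percent signs included, because the format string is the constant "%s: %s\n" and never the banner itself.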
This issue is probably best clarified using a worst case scenario:
Guardent has published a small whitepaper on Format String Attacks:
http://www.guardent.com/docs/FormatString.PDF
You can visit the vendor's webpage here: http://www.foundstone.com
The vendor was contacted on the 14th of April, 2002. The vendor
identified the problem as a format string bug. On the 17th of April,
2002 I received a new version of Fscan that solved the issue. On the
18th of April, 2002 the vendor put that version online for download.
The vendor has corrected the issue and put version 1.14 online:
http://www.foundstone.com/knowledge/proddesc/fscan.html
Author: Peter Gründl ([email protected])