The following message was just send out over BUGTRAQ. In it Ivan Arce
of CODE SDI discloses a security vulnerability that affects almost all
UNIX systems, including Linux. The vulnerability can normally only be exploited locally, but there are
some instances where it may be possible to exploit it remotely via
TELNET. The problem is the result of a new class of vulnerabilities
that were discussed on BUGTRAQ during the last few months. This
type of vulnerabilities are being termed "format string" vulnerabilities. The advisory is at LWN.net.
September 4, 2000