> >REPEAT BY:
> > We have written an example exploit to overwrite syslog(3)'s
> > internal buffer using SunOS sendmail(8). However due to the
> > severity of this problem, this code will not be made available
> > to anyone at this time. Please note that the exploit was fairly
> > straightforward to put together, therefore expect exploits to be
> > widely available soon after the release of this advisory.
>
> If it's so straightforward, let's have it ! I want to check my linux and
> my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE !! So, please post source/
> scripts now !

Actually, (not to get into a religious war), I would consider what 8lgm has
done to _BE_ full-disclosure. Full disclosure means giving full details
about a hole (which 8lgm DID, in this case, kudos to them!), not necessarily
giving exploit scripts so that everyone and their brother can start breaking
into systems.

ObBugTraq: You can check to see if you are vulnerable by reading the source
for your C shared library. Look at the code for the syslog() routine, and
see if it has protections to keep from writing off the end of the
static-size buffer it uses to send the message to syslogd. If it doesn't
have a "safety net," it's vulnerable.

-WW
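
Added example, not part of the original message and not taken from any libc source: the pattern to look for when reading a syslog() implementation, next to the same routine with a length limit. The names fmt_unbounded, fmt_bounded and LOGBUF, and the 64-byte size, are made up for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF 64   /* constructed size; a real libc buffer differs */

/* What to look for: the message is formatted into a fixed-size buffer with
 * no length limit, so anything over LOGBUF-1 bytes runs off the end. */
int fmt_unbounded(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);          /* no "safety net" */
    va_end(ap);
    return n;
}

/* Same routine with the safety net: vsnprintf() writes at most cap bytes,
 * terminating NUL included. Returns 1 if the message had to be truncated. */
int fmt_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= cap;
}

/* Hand the bounded routine an oversized message and check that a guard
 * region placed directly after the buffer is untouched. Returns 1 if so. */
int bounded_keeps_guard_intact(void)
{
    struct { char buf[LOGBUF]; char guard[16]; } s;
    char big[4 * LOGBUF];                    /* constructed oversized input */
    memset(s.guard, 0x5A, sizeof s.guard);
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    int truncated = fmt_bounded(s.buf, sizeof s.buf, "daemon: %s", big);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A) return 0;
    return truncated && strlen(s.buf) == LOGBUF - 1;
}

int main(void)
{
    char small[LOGBUF];
    fmt_unbounded(small, "%s", "short message");  /* only safe while input is short */
    return bounded_keeps_guard_intact() ? 0 : 1;
}
```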