Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

Perry E. Metzger (perry@piermont.com)
Wed, 30 Aug 1995 01:34:13 -0400

"Rob J. Nauta" writes:
> [8LGM] Security Team dared to write:
> >
> >                [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
> >REPEAT BY:
> >        We have written an example exploit to overwrite syslog(3)'s
> >        internal buffer using SunOS sendmail(8).  However due to the
> >        severity of this problem, this code will not be made available
> >        to anyone at this time.  Please note that the exploit was fairly
> >        straightforward to put together, therefore expect exploits to be
> >        widely available soon after the release of this advisory.
>
> If it's so straightforward, let's have it!

The report gave me more than enough information to figure out
precisely how to do what was stated. It was full disclosure from my
perspective. He told you exactly what your vulnerability is -- if you
can get syslog(3) to fandango on its stack, you can get it to execute
arbitrary code.

I managed to fix the problem without any further information. See my
patch of this morning.

> I want to check my Linux and my ISP's FreeBSD. Bugtraq is FULL
> DISCLOSURE!! So, please post source/scripts now!

I don't see that you need an exploit script to check this. Simply
checking your implementation of syslog(3) is enough. If you can't read
C source code, well, sorry.

Perry
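
Added example (not part of the message above or of the 8lgm advisory): the kind of pattern a reader checking a syslog(3) implementation would look for, shown beside a bounded form. It assumes the flaw is an unbounded formatted write into a fixed-size internal buffer; the function names and LOG_BUF_SIZE are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64  /* hypothetical size, kept small so truncation is visible */

/* Pattern to look for when reading the source: formatted output written
 * into a fixed buffer with no length limit. Kept here for comparison only;
 * it writes past buf whenever the expanded message exceeds the buffer. */
int format_unbounded(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);
    va_end(ap);
    return n;
}

/* Bounded form: never writes more than size bytes, always NUL-terminates.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error. */
int format_bounded(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {
        if (size > 0)
            buf[0] = '\0';
        return -1;
    }
    return (size_t)n >= size;
}

int main(void)
{
    char buf[LOG_BUF_SIZE];
    char long_arg[200];  /* constructed input, longer than the buffer */

    memset(long_arg, 'A', sizeof long_arg - 1);
    long_arg[sizeof long_arg - 1] = '\0';

    int truncated = format_bounded(buf, sizeof buf, "mail from %s", long_arg);
    printf("truncated=%d stored_len=%zu\n", truncated, strlen(buf));
    return 0;
}
```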