Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

Perry E. Metzger (perry@piermont.com)
Wed, 30 Aug 1995 01:30:07 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Greg Woods: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10"
Previous message: Slava Kritov: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
In reply to: Tim Rylance: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: der Mouse: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"

Tim Rylance writes:
> >        We have written an example exploit to overwrite syslog(3)'s
> >        internal buffer using SunOS sendmail(8).
>
> A quick look at the FreeBSD-current syslog.c and the latest sendmail
> source suggests that
>
>  a) turning off mail.debug logging in /etc/syslog.conf will protect you
>     (from this particular exploit)

This is a syslog(3) problem, not a syslogd problem, so touching
/etc/syslog.conf would do nothing.

>  b) sendmail 8.6.6 and later take care not to log long strings and
>     may be safe (from this particular exploit).

I'm not 100% sure of how safe the code is. Given that other daemons
are also potentially unsafe I'm being paranoid and just fixing the
library.

Perry

Next message: Greg Woods: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10"
Previous message: Slava Kritov: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
In reply to: Tim Rylance: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: der Mouse: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"