Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

System Administrator (root@iifeak.swan.ac.uk)
Mon, 11 Sep 1995 09:20:20 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jay 'Whip' Grizzard: "Livingston bugs..."
Previous message: Marty: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache"
In reply to: Neil Woods: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: Neil Woods: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"

> 3) Rampant hacking would ensue.
>
> As for vulnerability, I believe both FreeBSD and Linux have fixes
> available.

libc4.7.2 fixed it in May. I had assumed that their fix and log in the
libc was what had sparked the alert.. ah well wrong again 8)

Alan

> P.S. Next time this kind of bug crops up, expect exploits to be
> available much more quickly - modifying an exploit for syslog()
> would be extremely straightforward :-|

PS: Have a look at the source code of tin very carefully in that case.

Next message: Jay 'Whip' Grizzard: "Livingston bugs..."
Previous message: Marty: "Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache"
In reply to: Neil Woods: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: Neil Woods: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"