Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

Karl Strickland (karl@bagpuss.demon.co.uk)
Wed, 13 Sep 1995 18:55:10 +0100

>
> > 3) Rampant hacking would ensue.
> >
> > As for vulnerability, I believe both FreeBSD and Linux have fixes
> > available.
>
> libc4.7.2 fixed it in May.

Hmm, I can't find any libc4.7.2 for FreeBSD, so I'm confused as to
which libc you mean.

> I had assumed that their fix and log in the
> libc was what had sparked the alert..

First I've heard of libc4.7.2; but given that it was fixed in there in May,
was anyone else alerted to the presence of a bug so that other OS's could
be checked?

> ah well wrong again 8)
>
> Alan
>
> > P.S. Next time this kind of bug crops up, expect exploits to be
> > available much more quickly - modifying an exploit for syslog()
> > would be extremely straightforward :-|
>
> PS: Have a look at the source code of tin very carefully in that case.

why?


--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |