Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

Jim Shankland (jas@flyingfox.COM)
Fri, 22 Sep 1995 09:27:34 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perry E. Metzger: "Ray Cromwell: Another Netscape Bug (and possible security hole)"
Previous message: Perry E. Metzger: "Ray Cromwell: Re: YET ANOTHER BAD NETSCAPE HOLE!"
Maybe in reply to: [8LGM] Security Team: "[8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: andy@BTC.UWE.AC.UK: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"

Casper Dik <casper@Holland.Sun.COM> write:

> The simple facts are:
>         - all sendmails are vulnerable
>         - it's a syslog() problem, not really a sendmail problem.

Well, sort of.  sendmail 8.6.12 jumps through all sorts of hoops
to limit the size of its syslog() output.  You're right, of course,
that it really is a syslog() bug, and that's where the fix needs
to be.  The output-limiting stuff in 8.6.12 is a hack, but it
*looks* as thought it would prevent this attack.  For all the
obvious reasons, it's still essential to fix syslog().  Still, it
would have been more accurate to say:

The simple facts are:
        - all sendmails are vulnerable, BUT some are much
        more vulnerable than others.

Jim Shankland
Flying Fox Computer Systems, Inc.

Next message: Perry E. Metzger: "Ray Cromwell: Another Netscape Bug (and possible security hole)"
Previous message: Perry E. Metzger: "Ray Cromwell: Re: YET ANOTHER BAD NETSCAPE HOLE!"
Maybe in reply to: [8LGM] Security Team: "[8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: andy@BTC.UWE.AC.UK: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"