Date: Tue, 16 Feb 1999 02:22:56 -0500
From: Cory Visi <visi@CMU.EDU>
To: BUGTRAQ@netspace.org
Subject: RedHat sysklogd vulnerability

I'd like to apologize for being so late with this e-mail as I have known
about this problem for months. The vulnerability was discussed in a Thu, 10
Sep 1998 BugTraq e-mail by Michal Zalewski (lcamtuf@IDS.PL). I replied to it
with a quick patch. Here are some lines from my e-mail:

> I'm not completely happy with this, as it modifies the reference parameter,
> ptr, but it will solve the problem. However, later on:
>
> ExpandKadds(line, eline)
>
> Where eline is the same size as line. I think the real solution is to make
> sure the buffer is larger (LOG_LINE_LENGTH) like Michal said, and make sure
> modules and programs don't generate absurdly long messages, because you
> can't be certain how much room is necessary for the expanded symbols. It
> would be nice if ExpandKadds() allocated memory dynamically, but it doesn't.

RedHat immediately issued a "fix" to their current package: sysklogd-1.3-26.
This "fix" is merely my patch (and nothing more). My patch DOES NOT fix the
problem. As discussed by the package co-maintainer (Martin Schulze
(joey@FINLANDIA.INFODROM.NORTH.DE)) the bug is fixed in the latest sysklogd
package (1.3-30). In fact, the bug was fixed in 1996. What this comes down
to is that any Linux distribution running an old sysklogd package (namely
RedHat all versions) STILL has a potential (rather obscure) buffer overflow.
They need to upgrade to the latest version ASAP. I e-mailed
bugzilla@redhat.com and got no response.

Thank you,

- .-. ,~~-. .-~~-.
- ~._'_.' \_ \ / `~~-
- | `~- \ /
- `.__.-'ory \/isi
-
-
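As an added example that is not sysklogd's own code: a bounded version of the symbol-expansion step discussed above, where the destination buffer's capacity is passed explicitly (here as `expand_kadds(line, out, cap)`) and overlong output is truncated and reported instead of being written past the end of a buffer the same size as the input. The symbol table, the addresses in it and the `putn` helper are constructed for this example.

```c
/* Added example, not sysklogd's code: a bounded version of the symbol
 * expansion discussed in the post. The unsafe pattern writes "[<addr>]"
 * plus an appended " (symbol)" into a buffer the same size as the input;
 * here the caller passes the capacity and truncation is reported. */
#include <string.h>
/* Constructed symbol table (hypothetical addresses, stands in for ksyms). */
static const struct { const char *addr; const char *name; } ksyms[] = {
    { "c0100000", "startup_32" },
    { "c0101000", "sys_open" },
};

static const char *lookup(const char *addr, size_t n) {
    for (size_t i = 0; i < sizeof ksyms / sizeof ksyms[0]; i++)
        if (strlen(ksyms[i].addr) == n && memcmp(ksyms[i].addr, addr, n) == 0)
            return ksyms[i].name;
    return NULL;
}

/* Append n bytes of src at out[*pos] without passing out[cap - 1]; out stays
 * NUL-terminated. Returns -1 if any byte had to be dropped. */
static int putn(char *out, size_t cap, size_t *pos, const char *src, size_t n) {
    size_t room = cap - *pos - 1;            /* bytes left before the NUL */
    size_t take = n < room ? n : room;
    memcpy(out + *pos, src, take);
    *pos += take;
    out[*pos] = '\0';
    return take == n ? 0 : -1;
}

/* Expand every "[<hex>]" in line to "[<hex>] (name)" in out (capacity cap).
 * Returns the number of symbols expanded, or -1 if out was too small. */
int expand_kadds(const char *line, char *out, size_t cap) {
    size_t pos = 0;
    int count = 0, trunc = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (const char *p = line; *p; ) {
        const char *end = (p[0] == '[' && p[1] == '<') ? strstr(p + 2, ">]") : NULL;
        if (!end) { trunc |= putn(out, cap, &pos, p++, 1); continue; }
        size_t n = (size_t)(end - (p + 2));           /* length of the hex text */
        const char *name = lookup(p + 2, n);
        trunc |= putn(out, cap, &pos, p, n + 4);       /* copy "[<hex>]" as-is */
        if (name) {
            trunc |= putn(out, cap, &pos, " (", 2);
            trunc |= putn(out, cap, &pos, name, strlen(name));
            trunc |= putn(out, cap, &pos, ")", 1);
            count++;
        }
        p = end + 2;
    }
    return trunc ? -1 : count;
}
```

Called with an output buffer only as large as the input line, the situation the quoted mail describes, it returns -1 with the output cut short and still NUL-terminated rather than writing beyond the buffer.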