Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

From: rob () IAEhv nl (Rob J. Nauta)
Date: Tue, 29 Aug 1995 15:03:13 +0200


[8LGM] Security Team dared to write:


               [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
REPEAT BY:
       We have written an example exploit to overwrite syslog(3)'s
       internal buffer using SunOS sendmail(8).  However due to the
       severity of this problem, this code will not be made available
       to anyone at this time.  Please note that the exploit was fairly
       straightforward to put together, therefore expect exploits to be
       widely available soon after the release of this advisory.


If it's so straightforward, let's have it ! I want to check my linux and
my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE !! So, please post source/
scripts now !

Rob
--
 _   _
((___))                 Rob J. Nauta
[ x x ]                 rob () iaehv nl
 \   /                  040-837549
 (' ')                  Check out http://www.iaehv.nl/iae/people/rob/index.html
  (U)   Free Mitnick !

Current thread:

-rw-rw-rw- 1 root 8025 Aug 24 04:10, (continued)
- -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dr. Frederick B. Cohen (Aug 24)
  - Security Mailing Lists Christopher Klaus (Dec 09)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 24)
  - .lsof_dev_cache Dave Sill (Aug 25)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Darren Reed (Aug 25)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dave Roberts (Aug 29)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Vic Abell (Aug 30)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Scott Barman (Aug 25)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 28)
  - [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 [8LGM] Security Team (Aug 28)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Rob J. Nauta (Aug 29)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jay 'Whip' Grizzard (Aug 29)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
    - SunOS syslog.c replacement Matthew Donaldson (Aug 30)
  - [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Mark Thomas (Aug 28)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
    - syslog() Mark A. Fullmer (Aug 29)