Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: tfs () vampire science gmu edu (Tim Scanlon)
Date: Sat, 2 Sep 1995 03:59:25 -0400
Various people have been sumarizing potential "other" programs that use syslog & might be vulnerable, I'd like to point out that there's a whole lot of programs out there that have debug switches, addtional logging switches, & various flavors that use syslog as part of `giving you more info'. Not all of them are going to be stuff that is of a ready association. Things that record function as well as malfunction are potential avenues of exploitation too. The problem is that the syslog facility is used diversely, and that it's a basic system call. On another note, most of the experimentation & checks for explotations & such have focused on open source OS's & of course Sun's stuff. I ran that "test" program on my NeXT boxes and got no reaction out of it, but I havn't seen where that was a cannonical check. I went back and changed it to LOG_EMERG becasue the other log level is broken on the NeXT syslogd... If I hadn't of known to do that, well I wouldn't be sure I didn't have a problem. That's part of the reason for exploit stuff. So everyone can find out if they're screwed. has anyone bothered to check IRIX, OSF, etc. etc. etc. ? I'd like to see some sort of a robust test for the freaking thing that wasn't platform dependent, or at least had good assurance of adressing the problem. Why is it that 8lgm warnings are starting to remind me of ~old~ CERT notices, and CERT notices are starting to look like press releases done by the TV show "Hard Copy"? Probably just my whacky perceptions... Really neither here nor there. Tim ________________________________________________________________ tfs () vampire science gmu edu (NeXTmail, MIME) Tim Scanlon George Mason University (PGP key avail.) Public Affairs I speak for myself, but often claim demonic possession
Current thread:
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Christian Wettergren (Aug 29)
- <Possible follow-ups>
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Slava Kritov (Aug 30)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 der Mouse (Aug 31)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Tim Scanlon (Sep 02)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Slava Kritov (Sep 05)
- Discovery: Gain access to root on Linux via NIS Ken Weaverling (Sep 05)
- Re: Discovery: Gain access to root on Linux via NIS Alan Hannan (Sep 07)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Neil Woods (Sep 04)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 11)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Neil Woods (Sep 12)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 13)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 14)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 11)
- Livingston bugs... Jay 'Whip' Grizzard (Sep 12)
- Re: Livingston bugs... Phillip Moore (Sep 12)