Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: neil () legless demon co uk (Neil Woods)
Date: Mon, 4 Sep 1995 23:54:54 +0100
Rob J. Nauta spewed forth:
> [8LGM] Security Team dared to write:
> > [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
> >
> > REPEAT BY: We have written an example exploit to overwrite syslog(3)'s internal buffer using SunOS sendmail(8). However due to the severity of this problem, this code will not be made available to anyone at this time. Please note that the exploit was fairly straightforward to put together, therefore expect exploits to be widely available soon after the release of this advisory.
>
> If it's so straightforward, let's have it! I want to check my linux and my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE!! So, please post source/scripts now!

Aye, it's straightforward, it took 2 hrs to get results. Anyone who has done some development (well more accurately debugging ;-) work, should be able to get results quickly for the architecture they work with.

Unfortunately if we did give you (and everyone else to be fair) the exploit:

1) Linux or FreeBSD don't run sendmail v5. The exploit is based on v5's usage of syslog() (It just so happened that sendmail v5 was the first daemon we looked at for exploit possibilities).

2) I can't port it to other operating systems, as I don't run either Linsux or FreeBSD, even if you are using Sparc architectures.

3) Rampant hacking would ensue.

As for vulnerability, I believe both FreeBSD and Linux have fixes available.

Cheers,

Neil

P.S. Next time this kind of bug crops up, expect exploits to be available much more quickly - modifying an exploit for syslog() would be extremely straightforward :-|

--
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way, M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.
...like a badger with an afro throwing sparklers at the Pope...