Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

[root () iifeak swan ac uk (System Administrator)]

> 3) Rampant hacking would ensue.
>
> As for vulnerability, I believe both FreeBSD and Linux have fixes
> available.

libc4.7.2 fixed it in May. I had assumed that their fix and log in the
libc was what had sparked the alert.. ah well wrong again 8)

Alan

> P.S. Next time this kind of bug crops up, expect exploits to be
> available much more quickly - modifying an exploit for syslog()
> would be extremely straightforward :-|

PS: Have a look at the source code of tin very carefully in that case.