Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

From: paul () argo demon co uk (Paul Ashton)
Date: Mon, 18 Sep 1995 23:03:00 BST


Sun definitely know about this bug and are dealing with it, though
not very quickly. A patch will be announced in due course. If you
wish to raise a bug report yourself simply email a copy of the program
that was sent on bugtraq earlier containing a call to syslog() that
creates a core dump. It is not necessary to reproduce the security
hole in order to request a patch. Also, it is worth noting that the
syslog fix will not fix all problems with sendmail as I have been able
to core dump sendmail with several other stack overwrites even after
disabling syslog() altogether.

The hole has nothing at all to do with syslogd, so tell them where to
go.

Paul
ps. If you want any further information, please let me know.

Current thread:

Re: Livingston bugs..., (continued)
- - - Re: Livingston bugs... Phillip Moore (Sep 12)
    - Re: Livingston bugs... Dave Andersen (Sep 12)
    - Re: Livingston bugs... Mike A Lyons (Sep 12)
    - LACC Julian Assange (Sep 13)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Charles Sumner (Sep 14)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Goetz von Escher (Sep 18)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Doug Hughes (Sep 18)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Scott Barman (Sep 18)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 18)
  - Netscape SSL implementation cracked! (fwd) sameer (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Paul Ashton (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 andy () btc uwe ac uk (Sep 19)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Goetz von Escher (Sep 19)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Ian MacPhedran (Sep 20)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Casper Dik (Sep 21)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Pat The Friendly RedNeck (Sep 22)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Casper Dik (Sep 25)
    - Random seed (fwd) Darrell Fuhriman (Sep 25)
  - Ray Cromwell: YET ANOTHER BAD NETSCAPE HOLE! Perry E. Metzger (Sep 22)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Sten Gunterberg (Sep 21)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jim Shankland (Sep 22)

(Thread continues...)