Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

From: Ian_MacPhedran () dvinci usask ca (Ian MacPhedran)
Date: Wed, 20 Sep 1995 18:25:14 -0600


On Tue, 19 Sep 1995, Goetz von Escher wrote:

On Sep 19,  4:33pm, Sten Gunterberg wrote:


There's no patch yet, but Sun is apparently working on one. The Bug-IDs
are 1219835 for Solaris 1.x (SunOS 4.x) and 1220257 for Solaris 2.x.
Try to give those to local Sun support and see what happens :-)


Solaris 2.x ??? - I thought this is a BSD problem? Are you telling
me that *all* my Solaris boxes are vulnerable too?


As well as those from other vendors. This is not strictly a Sun problem.

Also local Sun support told me that the patch for Bug 1219835 has been
integrated into SunOS 4.1.4 and there probably won't be a patch for
older versions! Here's the bug info they sent me:

 Bug Id:     1219835
 Product:  sunos
 Category:  utility
 Subcategory:  other
 Release summary: 4.1.3, 4.1.4, 4.1.3_U1, 4.1
 Bug/Rfe:  bug
 State:  integrated


Here's the latest header on that bug report:
 Bug Id:     1219835
 Category:  utility
 Subcategory:  other
 State:  fixed
 Release summary: 4.1.3_U1, 4.1.4, 4.1.3, no-v4, 4.1, 5.4, 5.3
 Synopsis:  Syslog(3) can be abused to gain root access on 4.X systems
        Integrated in releases:
 Patch id:
Description:

Note that there are _NO_ entries for "integrated in releases" nor "patch
id".

But now I'm really getting confused when I read the mail by Andy Cowley
who said:

On Sep 19,  4:17pm, andy () btc uwe ac uk wrote:

-  Is Sun working on a patch?

...
patches are available to existing fault call owners. If the problem
is severe for you persuade Sun to send them. They are :-

        4.1.3_U1 domestic libc          = T101759-04
        4.1.3_U1 international libc     = T101558-07
        4.1.4 domestic libc             = T102544-03
        4.1.4 international libc        = T102545-03

These are betas and Sun will expect testing and a report.


So why would there be a test patch for SunOS 4.1.4 if it was fixed
in that release? I guess one of you guys is wrong.


Your local Sun person was probably wrong. Have them recheck their
information. Note that there is mention of a patch (100909) in bug report
1219835 which is thought to have fixed this which would have been
included in 4.1.3_U1, and 4.1.4. However, it appears that this may not be
the case.

Ian.
----------------------------------------------------------------------------
Ian MacPhedran,    Engineering Computer Centre,   2B13 Engineering Building,
University of Saskatchewan,  57 Campus Drive,  Saskatoon SK  S7N 5A9, CANADA
Phone: (306)966-4832 Fax: (306)966-5205  Email: Ian_MacPhedran () engr USask CA

Current thread:

LACC, (continued)
- - - LACC Julian Assange (Sep 13)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Charles Sumner (Sep 14)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Goetz von Escher (Sep 18)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Doug Hughes (Sep 18)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Scott Barman (Sep 18)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 18)
  - Netscape SSL implementation cracked! (fwd) sameer (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Paul Ashton (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 andy () btc uwe ac uk (Sep 19)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Goetz von Escher (Sep 19)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Ian MacPhedran (Sep 20)
  - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Casper Dik (Sep 21)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Pat The Friendly RedNeck (Sep 22)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Casper Dik (Sep 25)
    - Random seed (fwd) Darrell Fuhriman (Sep 25)
  - Ray Cromwell: YET ANOTHER BAD NETSCAPE HOLE! Perry E. Metzger (Sep 22)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Sten Gunterberg (Sep 21)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jim Shankland (Sep 22)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 andy () BTC UWE AC UK (Sep 25)