Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995


From: cwe () Csli Stanford EDU (Christian Wettergren)
Date: Tue, 29 Aug 1995 16:48:18 -0700


| [8LGM] Security Team dared to write:
| >
| >                [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
| >REPEAT BY:
| >        We have written an example exploit to overwrite syslog(3)'s
| >        internal buffer using SunOS sendmail(8).  However due to the
| >        severity of this problem, this code will not be made available
| >        to anyone at this time.  Please note that the exploit was fairly
| >        straightforward to put together, therefore expect exploits to be
| >        widely available soon after the release of this advisory.
|
| If it's so straightforward, let's have it ! I want to check my linux and
| my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE !! So, please post source/
| scripts now !

It is straightforward to plug. You have the source code for Linux,
just look for an overrun buffer in syslog.c in libc. Correct it.
Recompile everything using syslog(3), including your application
binaries.

                            - . -

I agree with full disclosure, but it should be properly staged. This
hole is so potentially dangerous that it should be a staged release.
There is so far no list of affected programs, no list of which of
them use dynlibs and which do not, no patches for application
programs (except the one for BSD 4.4, done by Perry Metzger) etc.

Let's hold on a little longer. Let the press print about it for a
while, see Sun's, Digital's, IBM's etc shares drop 5%...

   ... AND then release it.

I guess patches will suddenly be forthcoming faster than you can
count them. (Hopefully. :-( )

Maybe a few poor users are able to upgrade their systems on their own
during this grace period as well.

/Christian
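
An added example, not part of the original post and not the libc source: a sketch of the kind of correction described above, assuming the overrun comes from unbounded printf-style formatting into a fixed-size buffer (the post does not show the defect itself). The function name format_log_line and the buffer size are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 1024   /* assumed size; the post gives no figure */

/*
 * Hypothetical stand-in for the formatting step of a syslog(3)-style
 * routine: "tag: " followed by the caller's printf-style message, built
 * in a fixed buffer. Returns the bytes stored (excluding the NUL) and
 * sets *truncated when the full message did not fit.
 */
size_t format_log_line(char *buf, size_t size, int *truncated,
                       const char *tag, const char *fmt, ...)
{
    va_list ap;
    size_t used;
    int n;

    *truncated = 0;
    if (size == 0)
        return 0;
    buf[0] = '\0';

    /* Prefix: bounded, checked for error and for truncation. */
    n = snprintf(buf, size, "%s: ", tag);
    if (n < 0)
        return 0;
    if ((size_t)n >= size) {
        *truncated = 1;
        return size - 1;
    }
    used = (size_t)n;

    /* Body: an unbounded vsprintf(buf + used, fmt, ap) here (assumed
     * form of the defect) would write past the end of buf. */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);
    if (n < 0) {                 /* formatting error: keep prefix only */
        buf[used] = '\0';
        return used;
    }
    if ((size_t)n >= size - used) {
        *truncated = 1;          /* vsnprintf already NUL-terminated */
        return size - 1;
    }
    return used + (size_t)n;
}
```

The point of tracking the remaining space (size - used) is that the prefix consumes part of the buffer before the caller-controlled text is formatted; bounding the second call by the full buffer size would reintroduce the overrun.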


