Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995


From: jas () flyingfox COM (Jim Shankland)
Date: Fri, 22 Sep 1995 09:27:34 -0700


Casper Dik <casper () Holland Sun COM> writes:

The simple facts are:
        - all sendmails are vulnerable
        - it's a syslog() problem, not really a sendmail problem.

Well, sort of.  sendmail 8.6.12 jumps through all sorts of hoops
to limit the size of its syslog() output.  You're right, of course,
that it really is a syslog() bug, and that's where the fix needs
to be.  The output-limiting stuff in 8.6.12 is a hack, but it
*looks* as though it would prevent this attack.  For all the
obvious reasons, it's still essential to fix syslog().  Still, it
would have been more accurate to say:

The simple facts are:
        - all sendmails are vulnerable, BUT some are much
        more vulnerable than others.

Jim Shankland
Flying Fox Computer Systems, Inc.
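
The distinction drawn in the message above, between a caller capping what it hands to the logger and the logger bounding its own output, as an added C example that is not code from the original post, from sendmail or from any libc. `log_format`, `demo`, `LOG_BUF` and `FIELD_MAX` are hypothetical names and sizes chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF   128  /* assumed size of the logger's fixed buffer */
#define FIELD_MAX 40   /* assumed per-field cap applied by the caller */

static int last_truncated;  /* set by demo(): 1 if the library cut the line */

/* Library-side fix: format with an explicit bound on the fixed buffer.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error. */
static int log_format(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, bufsz, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= bufsz;
}

/* Format one log line from a constructed 1023-byte field standing in for
 * untrusted input. clamp=1 adds the caller-side cap (a %.*s precision);
 * clamp=0 relies on the library bound alone. Returns the line length. */
static size_t demo(int clamp)
{
    char input[1024], line[LOG_BUF];

    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';
    if (clamp)
        last_truncated = log_format(line, sizeof line, "from=%.*s", FIELD_MAX, input);
    else
        last_truncated = log_format(line, sizeof line, "from=%s", input);
    return strlen(line);
}

int main(void)
{
    size_t n = demo(1);
    printf("caller cap:   len=%zu truncated=%d\n", n, last_truncated);
    n = demo(0);
    printf("library only: len=%zu truncated=%d\n", n, last_truncated);
    return 0;
}
```

With the caller-side cap the line is short and nothing is cut; without it the output is still contained, but only because the formatting routine itself enforces the bound, which is the fix every caller benefits from.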
