Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: jas () flyingfox COM (Jim Shankland)
Date: Fri, 22 Sep 1995 09:27:34 -0700
Casper Dik <casper () Holland Sun COM> writes:

> The simple facts are:
>
> - all sendmails are vulnerable
> - it's a syslog() problem, not really a sendmail problem.

Well, sort of. sendmail 8.6.12 jumps through all sorts of hoops to limit the size of its syslog() output. You're right, of course, that it really is a syslog() bug, and that's where the fix needs to be. The output-limiting stuff in 8.6.12 is a hack, but it *looks* as though it would prevent this attack. For all the obvious reasons, it's still essential to fix syslog().

Still, it would have been more accurate to say:

The simple facts are:

- all sendmails are vulnerable, BUT some are much more vulnerable than others.

Jim Shankland
Flying Fox Computer Systems, Inc.
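An added example, not part of the original post and not code from sendmail or any syslog() implementation: it contrasts caller-side output limiting with a bound enforced inside the logging routine. It assumes the flaw is unbounded formatting into a fixed-size buffer; the buffer size, `log_bounded`, `log_rcpt`, `log_helo` and the sample input are all hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64            /* constructed size, not any real syslog()'s */
static char log_buf[LOG_BUF]; /* stands in for the logger's fixed buffer */

/* Fix in the logging routine: every write is bounded by the buffer size.
 * Returns 1 if the message was truncated, 0 if it fit. */
static int log_bounded(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(log_buf, sizeof log_buf, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= sizeof log_buf;
}

/* Caller-side limiting: this call site clamps its untrusted field. */
static int log_rcpt(const char *rcpt)
{
    return log_bounded("rcpt=%.20s", rcpt);
}

/* Another call site where the clamp was forgotten. With an unbounded
 * formatter this is the one that would overrun; here it is truncated. */
static int log_helo(const char *helo)
{
    return log_bounded("helo=%s", helo);
}

/* Constructed oversized input: 299 bytes of 'A'. */
static const char *big_field(void)
{
    static char big[300];
    memset(big, 'A', sizeof big - 1);
    return big;
}

int main(void)
{
    int t = log_rcpt(big_field());
    printf("clamped:   truncated=%d len=%zu\n", t, strlen(log_buf));
    t = log_helo(big_field());
    printf("unclamped: truncated=%d len=%zu\n", t, strlen(log_buf));
    return 0;
}
```

Caller-side clamping protects only the call sites that remember to do it, while the bound inside the logging routine covers every caller.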