Bugtraq mailing list archives
Responses to syslogd killing
From: lb () POSH INEXWORKS NET (lb)
Date: Tue, 21 Oct 1997 14:45:01 -0400
I got alot of responses about the syslogd killing, which mostly affirmed by belief that the bug had been noticed before. Sun seems to have attributed the bug to "LOCAL" facility syslog traffic loads causing syslogd to die. I've tried using LOG_AUTH and most of the syslog facilities and they all seem to cause syslogd to crash. There was a patch released by Sun to solve the "LOCAL" problem, but it doesn't seem to be publicly available so I can't test it. Also, alot of people are under the impression that this has nothing to do with DNS. I tried it many times to make sure, because it seemed exploitable to me.. I would watch the syslog message come in, watch the DNS query go out, and then watch syslogd die. If I inserted a DNS entry for the IP in question, syslogd would query and work fine.. if I removed the DNS entry again, syslogd would crash. Perhaps you're right.. but I'll stick to my assumption. hoho. If anyone knows where I could get that patch, and it's publicly available.. then please let me know.. If anything, this should be included in the Solaris 2.5.1 and 2.5 Recommended patch set.. lb () inext net
Current thread:
- Remotely kill Solaris syslogd lb - STAFF (Oct 21)
- Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Oops: Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Responses to syslogd killing lb (Oct 21)
- Re: Responses to syslogd killing Zack Weinberg (Oct 21)
- <Possible follow-ups>
- Re: remotely kill solaris syslogd Chris Wilson (Oct 21)
- Re: remotely kill solaris syslogd Paul Tatarsky (Oct 23)
- IRIX /var/inst/patchbase Paul Tatarsky (Oct 23)
- Re: IRIX /var/inst/patchbase Alain Renaud (Oct 25)
- KSR[T] Advisory #004: printfilter / groff / lpd KSR[T] (Oct 25)