Bugtraq mailing list archives

Re: klogd 1.3-22 buffer overflow


From: peter () ATTIC VUURWERK NL (Peter van Dijk)
Date: Thu, 12 Nov 1998 01:43:16 +0100



On Wed, Nov 11, 1998 at 11:12:09AM -0500, Neil Bright wrote:
> Michal Zalewski wrote the following:
>
> > Good morning,
> >
> > This time - buffer overflow in Linux klogd daemon from sysklogd-1.3
> > package (up to release 22 - affects Red Hat 5.x and Slackware 3.x, no data
> > about other distributions).
>
> [snip]
>
> This does appear to affect a (fairly) stock RH5.2 box also.  In my test,
> the supplied module code did cause klogd to die...
>
> Relevant RPMS:
>   sysklogd-1.3-25
>   kernel-2.0.36-0.7     (stock, no kernel rebuild)

Same on Slackware 3.4 (kernel updated to 2.0.35).

[root@koek] ~# klogd -v
klogd 1.3-0

But attaching gdb to klogd shows that the character the buffer is filled with
only appears in eax and even there only in the lowest 8 bits... Is this still
exploitable?

Greetz, Peter.
-- 
'I guess anybody who walks away from a root shell at :         Peter van Dijk
 a nerd party gets what they deserve!' -- BillSF     :peter@attic.vuurwerk.nl
-- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --
finger hardbeat () flits104-161 flits rug nl for my public PGP-key
  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -

