Bugtraq mailing list archives
Re: [Linux] klogd 1.3-22 buffer overflow
From: security () PENGUIN NET AU (security () PENGUIN NET AU)
Date: Wed, 18 Nov 1998 12:22:29 +0800
Hi, I am personally a bit mixed up now... This is what I have just read on the RedHat updates page: -------------------------------------------- Red Hat would like to thank Michal Zalewski (lcamtuf () IDS PL) and the members of the Bugtraq mailing list for discovering this problem and providing a fix. Users of Red Hat Linux are recommended to upgrade to the new packages ava -------------------------------------------------- The page is at http://www.redhat.com/support/docs/rhl/rh52-errata-general.html. ...shall I trust Redhat, now? :-? Merc.
I'm the co-maintainer of the Linux sysklogd package which contains the klogd program for which a buffer overrun has been reported last week. First of all I'd like to complain about two things: a) The reports weren't made against the current version of the package. The source for it is well known on sunsite.unc.edu as well as various mirrors.
[SNIP]
Current thread:
- WWWBoard Vulnerability Samuel Sparling (Nov 09)
- [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 10)
- catdoc-0.90 buffer overruns Duncan Simpson (Nov 10)
- Re: catdoc-0.90 buffer overruns Kragen (Nov 12)
- Re: klogd 1.3-22 buffer overflow Neil Bright (Nov 11)
- Re: klogd 1.3-22 buffer overflow Peter van Dijk (Nov 11)
- Re: [Linux] klogd 1.3-22 buffer overflow Cory Visi (Nov 11)
- Re: [Linux] klogd 1.3-22 buffer overflow Martin Schulze (Nov 17)
- Re: [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 12)
- Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
- Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
- Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
- Sun Security Bulletin #00179 Aleph One (Nov 18)
- Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)
- catdoc-0.90 buffer overruns Duncan Simpson (Nov 10)
- [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 10)
- Re: WWWBoard Vulnerability Spartak Radchenko (Nov 10)
- Re: WWWBoard Vulnerability Samuel Sparling (Nov 10)
- world-readable shadow backups in SuSe 5.2 HD Moore (Nov 10)
- mSQL dummies Peter Boutzev (Nov 11)
- Re: world-readable shadow backups in SuSe 5.2 Erik (Nov 11)
- Bootpd 2.4.3 tmp race Marcelo Tosatti (Nov 12)