Bugtraq mailing list archives
DoS with sysklogd, glibc (Caldera)
From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Mon, 22 Nov 1999 09:08:08 -0800
-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: DoS with sysklogd, glibc Advisory number: CSSA-1999-035.0 Issue date: 1999 November, 17 Cross reference: ______________________________________________________________________________ 1. Problem Description On Linux, most services do not log informational or error messages to their own files, but use the system log daemon, syslogd, for this. Unfortunately, the current syslogd has a problem by which any user on the local host can mount a denial of service attack that effectively stops all logging. Since all programs that want to send logging information to syslogd block until they're able to establish a connection to syslogd, this will make programs such as login, su, sendmail, telnetd, etc hang indefinitely. 2. Vulnerable Versions Systems : previous to COL 2.3 Packages: previous to sysklogd-1.3.31-4 3. Solutions Workaround: none The proper solution is to upgrade to the latest packages rpm -U sysklogd-1.3.31-4.i386.rpm ** Make sure to reboot the machine after installing the fixed RPM. ** 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -U sysklogd-1.3.31-4.i386.rpm 6. Verification a3a5aba891db83dbb0e31b01879011ac RPMS/sysklogd-1.3.31-4.i386.rpm 2bdf1431d3a487ee15e2323d61da2366 SRPMS/sysklogd-1.3.31-4.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 5074 Caldera wishes to thank Alex Kuznetisov, Alan Cox, and Bill Nottingham (the latter two of RedHat, Inc.) for their cooperation. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBODLqhun+9R4958LpAQGJhAP/QNQN3DZZuDOuJFAsTmZNpQ36L28xhfvm Ki2P3ILnVFKrfsYELP3c0HZmFI3JsLBC0F9HXBAnIbNo+SiMLounIwimT0oXaX62 OeTrqFqBVhCQAfXdD1ab2+Pp+/j1kBtRY8tYag7v6qmXoruj9i1lBcPtG35MiegZ ZDJmuOBgFxg= =b4rp -----END PGP SIGNATURE-----
Current thread:
- Re: Oracle 8 root exploit, (continued)
- Re: Oracle 8 root exploit Jared Still (Nov 16)
- Re: Oracle 8 root exploit Martin Mevald (Nov 15)
- Re: Oracle 8 root exploit Antonomasia (Nov 15)
- Re: Oracle 8 root exploit Elias Levy (Nov 16)
- Re: Oracle 8 root exploit Adam and Christine Levin (Nov 16)
- Re: Oracle 8 root exploit Chris Calabrese (Nov 16)
- Re: Oracle 8 root exploit Alan Olsen (Nov 19)
- [RHSA-1999:055-01] Denial of service attack in syslogd Bill Nottingham (Nov 19)
- [ COBALT ] Security Advisory - syslog Jeff Bilicki (Nov 20)
- IE 5.0 XML HTTP redirect problems Georgi Guninski (Nov 22)
- DoS with sysklogd, glibc (Caldera) Alfred Huger (Nov 22)
- Re: DoS with sysklogd, glibc (Caldera) Balazs Scheidler (Nov 22)
- Re: Oracle 8 root exploit Steve D'Angona (Nov 18)
- Re: Oracle 8 root exploit Chris Calabrese (Nov 18)