Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: elfchief () lupine org (Jay 'Whip' Grizzard)
Date: Tue, 29 Aug 1995 17:03:59 -0700
REPEAT BY: We have written an example exploit to overwrite syslog(3)'s internal buffer using SunOS sendmail(8). However due to the severity of this problem, this code will not be made available to anyone at this time. Please note that the exploit was fairly straightforward to put together, therefore expect exploits to be widely available soon after the release of this advisory.If it's so straightforward, let's have it ! I want to check my linux and my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE !! So, please post source/ scripts now !
Actually, (not to get into a religious war), I would consider what 8lgm has done to _BE_ full-disclosure. Full disclosure means giving full details about a hole (which 8lgm DID, in this case, kudos to them!), not necesarilly giving exploit scripts so that everyone and their brother can start breaking into systems. ObBugTraq: You can check to see if you are vurnerable by reading the source for your C shared library. Look at the code for the syslog() routine, and see if it has protections to keep from writing off the end of the static-size buffer it uses to send the message to syslogd. If it doesn't have a "safety net," it's vurnerable. -WW
Current thread:
- Security Mailing Lists, (continued)
- Security Mailing Lists Christopher Klaus (Dec 09)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 24)
- .lsof_dev_cache Dave Sill (Aug 25)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Darren Reed (Aug 25)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dave Roberts (Aug 29)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Vic Abell (Aug 30)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Scott Barman (Aug 25)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 28)
- [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 [8LGM] Security Team (Aug 28)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Rob J. Nauta (Aug 29)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jay 'Whip' Grizzard (Aug 29)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
- SunOS syslog.c replacement Matthew Donaldson (Aug 30)
- [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Mark Thomas (Aug 28)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
- syslog() Mark A. Fullmer (Aug 29)