Bugtraq mailing list archives
SunOS syslog() fix, finally...
From: elfchief () LUPINE ORG (Jay 'Whip' Grizzard)
Date: Fri, 3 Nov 1995 12:13:42 -0800
Looks like SUN finally got their libc patch out to fix the syslog() bug -- On sunsolve1.sun.com there is /pub/patches/102545-03.tar.Z, which is the int'l version of the SunOS 4.1.4 patch, which has in its README, among other things: Problem Description: 1220511 --> mktime() doesn't care leap year. 1222421 --> Patch 102545-02 changed clnt_udp.o but should not. 1190985 --> gethostbyname() can trash an existing open file descriptor. 1197137 --> NFS server crashed w/ "Panic: Bad Trap" when NFS client do a "find" over T1 link. 1182835 --> portmapper silently fails with version mismatch by PC-NFS client. 1219835 --> Syslog(3) can be abused to gain root access on 4.X systems There is also a 4.1.3_U1 int'l libc jumbo patch (101558-07) that also claims to fix the bug. Off the top of my head, though, I don't see a domestic version of the patch -- It should be simple enough to extract syslog.o from one and drop it in your existing libraries, though... I'm going to give it a shot later and see what I see. -WW
Current thread:
- Telnet attack on SGI Douglas Siebert (Nov 01)
- Re: Telnet attack on SGI Robert A. Pickering Jr. (Nov 01)
- Re: Telnet attack on SGI Joe Hentzel (Nov 01)
- Re: Telnet attack on SGI Dr. Frederick B. Cohen (Nov 01)
- Re: Telnet attack on SGI Justin Mason (Nov 02)
- Linux and DEC patches available for CA-95:14 Telnetd Vulnerability Paul Leyland (Nov 03)
- Re: Telnet attack on SGI Christopher Davis (Nov 03)
- SunOS syslog() fix, finally... Jay 'Whip' Grizzard (Nov 03)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 04)
- Re: SunOS syslog() fix, finally... Scott Barman (Nov 08)
- Re: SunOS syslog() fix, finally... Jake Luck (Nov 09)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 10)
- Re: SunOS syslog() fix, finally... Jake Luck (Nov 10)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 13)
- Re: SunOS syslog() fix, finally... Brett Lymn (Nov 13)
- ufsrestore suid root not a security hole Sean Vickery (Nov 16)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 17)
- SGI Security Advisory 19951101 - telnetd SGI Security Coordinator (Nov 17)