Bugtraq mailing list archives
Re: SunOS syslog() fix, finally...
From: casper () Holland Sun COM (Casper Dik)
Date: Mon, 13 Nov 1995 17:14:05 +0100
Sendmail doesn't need to be recompiled as long as it is dynamically linked. If, however, you installed you own version of sendmail and linked it statically against libc.so, you need to recompile & relink.yeah, but what about /usr/sbin/ufsrestore ? it is statically linked, utilizes syslog, and suid root.
This may not necessarily be a problem. In my first examination I found that the syslog() calls in ufsrestore cannot be passed random strings, but if you have different information, please tell. The patch also doesn't include "/sbin/su", though the README says it is included. Casper
Current thread:
- Re: Telnet attack on SGI, (continued)
- Re: Telnet attack on SGI Dr. Frederick B. Cohen (Nov 01)
- Re: Telnet attack on SGI Justin Mason (Nov 02)
- Linux and DEC patches available for CA-95:14 Telnetd Vulnerability Paul Leyland (Nov 03)
- Re: Telnet attack on SGI Christopher Davis (Nov 03)
- SunOS syslog() fix, finally... Jay 'Whip' Grizzard (Nov 03)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 04)
- Re: SunOS syslog() fix, finally... Scott Barman (Nov 08)
- Re: SunOS syslog() fix, finally... Jake Luck (Nov 09)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 10)
- Re: SunOS syslog() fix, finally... Jake Luck (Nov 10)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 13)
- Re: SunOS syslog() fix, finally... Brett Lymn (Nov 13)
- ufsrestore suid root not a security hole Sean Vickery (Nov 16)
- Re: SunOS syslog() fix, finally... Casper Dik (Nov 17)
- SGI Security Advisory 19951101 - telnetd SGI Security Coordinator (Nov 17)
- SGI Security Advisory 19951101 - telnetd : UPDATE SGI Security Coordinator (Nov 17)
- Re: SunOS syslog() fix, finally... Pug (Nov 10)
- Turning dynamic into static? Lawrence R. Rogers (Nov 09)
- Re: Does the shared lib bug work on any suid program ? Fred Blonder (Nov 03)