Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: casper () Holland Sun COM (Casper Dik)
Date: Fri, 22 Sep 1995 01:33:33 +0200
On Sep 19, 4:33pm, Sten Gunterberg wrote:

There's no patch yet, but Sun is apparently working on one. The Bug-IDs are 1219835 for Solaris 1.x (SunOS 4.x) and 1220257 for Solaris 2.x. Try to give those to local Sun support and see what happens :-)

Solaris 2.x ??? - I thought this is a BSD problem? Are you telling me that *all* my Solaris boxes are vulnerable too? Also local Sun support told me that the patch for Bug 1219835 has been integrated into SunOS 4.1.4 and there probably won't be a patch for older versions! Here's the bug info they sent me:

That's an error in the bug report. Since 4.1.4 was out long before the scare, the bug does exist in 4.1.4.

The simple facts are:

- all sendmails are vulnerable
- it's a syslog() problem, not really a sendmail problem.

While syslog()'s output can be limited in length by carefully specifying the format, some systems don't support more than 128 bytes of messages. Syslog should do the limiting.

Sun is working on fixes for SunOS 4.1.x and Solaris 2.x. The fix has already been integrated in the 2.5 source as it currently stands, and a patch is underway.

There are several Sun bug ids involved.

- bug for SunOS 4 (as listed above)
- bug for Solaris libc (as listed above)
- bug for Solaris 2.x /usr/4lib/libc.so.?.*

Casper
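
The two places the message above says the length limit can be enforced (in the caller's format string, or inside the logging routine itself), shown as an added C example that is not from the original post or from Sun's fix. The 128-byte buffer size, the function names and the `from=` field are assumptions chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LOG_LINE_MAX 128  /* assumed buffer size, after the 128-byte figure in the post */

/* Library-side limiting: vsnprintf() never writes more than `size` bytes and
 * always NUL-terminates, so an oversized argument is truncated rather than
 * written past the end of the buffer. Returns the number of bytes stored,
 * not counting the terminating NUL. */
size_t bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {                 /* formatting error: hand back an empty line */
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n >= size ? size - 1 : (size_t)n;
}

/* Caller-side limiting: the precision in %.32s caps how many bytes of the
 * untrusted string are formatted, whatever the logging routine does with it. */
size_t caller_limited(char *buf, size_t size, const char *untrusted)
{
    return bounded_format(buf, size, "from=%.32s", untrusted);
}

/* Hypothetical wrapper: build the line in a bounded buffer, then hand it to
 * syslog() as an argument to a constant "%s" format. */
size_t safe_syslog_str(int priority, const char *prefix, const char *untrusted)
{
    char line[LOG_LINE_MAX];
    size_t len = bounded_format(line, sizeof line, "%s: %s", prefix, untrusted);

    syslog(priority, "%s", line);
    return len;
}
```

The caller-side precision only protects call sites that remember to use it, which is why the message argues that the limiting belongs in syslog() itself.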