Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Mon, 25 Sep 1995 18:32:05 +0100
I wonder if there is any element of protection by having the sendmail daemon running only on machines that have no user accounts (all passwd entries have '*' for the passwd field, except for systems staff, of course)? All other machines having sendmail NOT running as a daemon, and the SUID bit turned off (because it doesn't do local delivery)...
No. The attak can be executed over the net. Since sendmail runs as root in daemon mode, breakins can be made on systems w/o user accoutns or whatnot.
I suspect that when the patch is out, it will be a libc patch, or at least a new module to replace one in libc, not a patch to sendmail, syslogd, or other utils... Thats how I am thinking of fixing it, if the patch is not forthcoming soon... replacing the syslog.o module in libc.a and libc.so.??? (so statically linked stuff subsequently built won't be vulnerable, too)? I take it that Suns syslog() function doesn't do anything undocumented and wierd...
Fixing libc.so will fix all dynamically linked programs. Those of you who have a statically linked sendmail, will need to relink it after upgrading libc.a (the static libc) Casper
Current thread:
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995, (continued)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Doug Hughes (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Scott Barman (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 18)
- Netscape SSL implementation cracked! (fwd) sameer (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Paul Ashton (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 andy () btc uwe ac uk (Sep 19)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Goetz von Escher (Sep 19)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Ian MacPhedran (Sep 20)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Casper Dik (Sep 21)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Pat The Friendly RedNeck (Sep 22)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Casper Dik (Sep 25)
- Random seed (fwd) Darrell Fuhriman (Sep 25)
- Ray Cromwell: YET ANOTHER BAD NETSCAPE HOLE! Perry E. Metzger (Sep 22)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Sten Gunterberg (Sep 21)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jim Shankland (Sep 22)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 andy () BTC UWE AC UK (Sep 25)