Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995


From: andy () BTC UWE AC UK (andy () BTC UWE AC UK)
Date: Mon, 25 Sep 1995 13:19:27 BST


Pat The Friendly RedNeck <pat () WOLFE net> wrote

: > >On Sep 19,  4:33pm, Sten Gunterberg wrote:
: > >>
:
: (Hmm.  Howcum my mailer missed the attrib? Gotta fix that or the header
: somehow got bolluxed - anyway)...
:
: Casper apparently sez:
:
: > That's an error in the bug report.  Since 4.1.4 was out long before
: > the scare, the bug does exist in 4.1.4.
:
: Not surprising - and it probably is in about everything on any platform
: that uses syslog(3) and lacks a bounds-checking sprintf()...  I wonder
: about the logger(1) command - is there any bounds checking in it, or
: can one stomp all over the stack and cause syslogd to core... stopping
: any future logging?
:
: I wonder if there is any element of protection by having the sendmail
: daemon running only on machines that have no user accounts (all passwd
: entries have '*' for the passwd field, except for systems staff, of course)?
: All other machines having sendmail NOT running as a daemon, and the SUID
: bit turned off (because it doesn't do local delivery)...
:
: > The simple facts are:
: >         - all sendmails are vulnerable
: >         - it's a syslog() problem, not really a sendmail problem.
:
: I suspect that when the patch is out, it will be a libc patch, or at
: least a new module to replace one in libc, not a patch to sendmail,
: syslogd, or other utils...  That's how I am thinking of fixing it, if
: the patch is not forthcoming soon... replacing the syslog.o module in
: libc.a and libc.so.??? (so statically linked stuff subsequently built
: won't be vulnerable, too)?  I take it that Sun's syslog() function doesn't
: do anything undocumented and weird...
:
: I am understanding this bug correctly, right?


Yes, you are correct. syslog() is in libc. Sun has test patches out now
(contact Sun for details on how to get them).
They are for libc.blah.blah and versions exist for 4.1.3, 4.1.3_U1 and
4.1.4 for both domestic and international versions of the OS.
The numbers are :-

T100891-13.tar.Z        4.1.3: international libc jumbo patch
T101558-07.tar.Z        4.1.3_U1 international libc
T102545-03.tar.Z        4.1.4 international libc

 4.1.3 domestic libc             = T100892-13.tar.Z
 4.1.3_U1 domestic libc          = T101759-04.tar.Z
 4.1.4 domestic libc             = T102544-03.tar.Z

So if you have Sun support you should get these now. No doubt
public access will be given as soon as the test is done.

Andy Cowley
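
The bounds-checking point discussed in this thread, as an added example that is not part of the original posts and is not Sun's patch: a log-line formatter that writes into a fixed buffer with vsnprintf() and reports truncation instead of overrunning. The function name format_log_line, the buffer size and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 1024  /* assumed fixed buffer size for this sketch */

/* Unbounded pattern the thread refers to (shown only as a comment):
 *     char buf[LOG_LINE_MAX];
 *     vsprintf(buf, fmt, ap);   // writes past buf when the expansion is too long
 */

/* Hypothetical helper: format "<pri>tag: message" into out[outsz].
 * Returns 0 if the line fit, 1 if it was truncated, -1 on error.
 * On a 0 or 1 return, out is NUL-terminated. */
int format_log_line(char *out, size_t outsz, int pri, const char *tag,
                    const char *fmt, ...)
{
    va_list ap;
    int n, m;
    size_t used;

    if (out == NULL || outsz == 0 || tag == NULL || fmt == NULL)
        return -1;

    n = snprintf(out, outsz, "<%d>%s: ", pri, tag);
    if (n < 0)
        return -1;
    if ((size_t)n >= outsz)
        return 1;               /* header alone did not fit; out is truncated */
    used = (size_t)n;

    va_start(ap, fmt);
    m = vsnprintf(out + used, outsz - used, fmt, ap);
    va_end(ap);
    if (m < 0)
        return -1;
    /* vsnprintf returns the length it wanted to write, so >= means cut off */
    return ((size_t)m >= outsz - used) ? 1 : 0;
}

int main(void)
{
    char line[LOG_LINE_MAX];
    char big[4096];             /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    int rc = format_log_line(line, sizeof line, 22, "demo", "from=%s", big);
    printf("rc=%d len=%lu\n", rc, (unsigned long)strlen(line));
    return 0;
}
```

A caller can treat a return of 1 as a signal to log that the message was cut, rather than silently dropping the tail.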


