Bugtraq mailing list archives
[ COBALT ] Security Advisory - syslog
From: jeffb () COBALTNET COM (Jeff Bilicki)
Date: Sat, 20 Nov 1999 16:05:36 -0800
Cobalt Networks -- Security Advisory -- 11.20.1999 Problem: The syslogd server uses a Unix Domain stream socket (/dev/log) for receiving local log messages via syslog(3). Unix Domain stream sockets are non connection-less, that means, that one process is needed to serve one client. Description: By opening a lot of local syslog connections a user with shell access could stop the system from responding. Problem and description text was taken from: http://www.suse.de/de/support/security/suse_security_announce_31.txt Relevant products and architectures: Product Architecture Vulnerable Qube1 MIPS Yes Qube2 MIPS Yes RaQ1 MIPS Yes RaQ2 MIPS Yes RaQ3 x86 Yes RPMS: -RaQ3- ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-9C1.i386.rpm -RaQ1 RaQ2 Qube1 Qube2- ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-9C2.mips.rpm SRPMS: ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C1.src.rpm ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C2.src.rpm MD5 sum Package Name ------------------------------------------------------------- 2b5f2e422a82e84237c184762a16e2f2 sysklogd-1.3.33-9C1.i386.rpm dd4c696ef40cc0b6bf3f2a5b23cd9dcf sysklogd-1.3.33-9C2.mips.rpm You can verify each rpm using the following command: rpm --checksig [package] To install, use the following command, while logged in as root: rpm -U [package] The package file format (pkg) for this fix is currently in testing, and will be available in the near future. Jeff Bilicki Cobalt Networks
Current thread:
- Oracle 8 root exploit Tellier, Brock (Nov 13)
- Re: Oracle 8 root exploit Adam and Christine Levin (Nov 15)
- Re: Oracle 8 root exploit Jared Still (Nov 16)
- <Possible follow-ups>
- Re: Oracle 8 root exploit Martin Mevald (Nov 15)
- Re: Oracle 8 root exploit Antonomasia (Nov 15)
- Re: Oracle 8 root exploit Elias Levy (Nov 16)
- Re: Oracle 8 root exploit Adam and Christine Levin (Nov 16)
- Re: Oracle 8 root exploit Chris Calabrese (Nov 16)
- Re: Oracle 8 root exploit Alan Olsen (Nov 19)
- [RHSA-1999:055-01] Denial of service attack in syslogd Bill Nottingham (Nov 19)
- [ COBALT ] Security Advisory - syslog Jeff Bilicki (Nov 20)
- IE 5.0 XML HTTP redirect problems Georgi Guninski (Nov 22)
- DoS with sysklogd, glibc (Caldera) Alfred Huger (Nov 22)
- Re: DoS with sysklogd, glibc (Caldera) Balazs Scheidler (Nov 22)
- Re: Oracle 8 root exploit Steve D'Angona (Nov 18)
- Re: Oracle 8 root exploit Chris Calabrese (Nov 18)