Bugtraq mailing list archives
Re: [RHSA-2000:061-02] syslog format vulnerability in klogd
From: Pekka Savola <pekkas () NETCORE FI>
Date: Wed, 20 Dec 2000 01:33:42 +0200
On Tue, 19 Sep 2000, Lionel Cons wrote:
> bugzilla () REDHAT COM writes:
> > Various vulnerabilities exist in syslogd/klogd. [...]
> >
> > 4. Solution:
> >
> > For each RPM for your particular architecture, run:
> >
> > rpm -Fvh [filename]
> >
> > where filename is the name of the RPM.
>
> I have the impression that this is not enough as the old buggy daemons
> still run. It seems necessary to run:
>
> # /etc/rc.d/init.d/syslog restart
>
> (Red Hat, could you add this to the rpm post install script?)

These steps have been taken for granted in the past. Of course, the wording could be a little more precise.

Red Hat Linux 7 automatically restarts services if running (with 'condrestart') when they're upgraded. This is a new feature.

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
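
The point discussed in this thread, that daemons started before an upgrade keep running the old code until they are restarted, can be checked on a Linux host. The following is an added example, not part of the original posts or of any Red Hat script: it lists processes whose executable has been replaced on disk. The function names, the `proc_root` argument, and the sample PIDs and paths are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: find processes still executing a binary that was replaced on
# disk, for instance by a package upgrade that was not followed by a restart.
# On Linux, /proc/<pid>/exe reads back as "<path> (deleted)" once the old file
# has been unlinked.

# stale_daemons [proc_root]
# Prints "<pid> <original path>" for every process running a deleted binary.
# proc_root defaults to /proc; the argument exists so the function can be
# pointed at a constructed tree.
stale_daemons() {
    proc_root="${1:-/proc}"
    suffix=' (deleted)'
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Unreadable links (other users' processes, kernel threads) are skipped.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *"$suffix")
                path=${target%"$suffix"}
                printf '%s %s\n' "${dir##*/}" "$path"
                ;;
        esac
    done
}

# make_sample_proc
# Builds a constructed /proc-like tree (PIDs and paths are made up) and prints
# its location: two daemons on replaced binaries, one on a current binary.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir "$root/411" "$root/412" "$root/900"
    ln -s "/sbin/syslogd (deleted)" "$root/411/exe"
    ln -s "/sbin/klogd (deleted)" "$root/412/exe"
    ln -s "/usr/sbin/crond" "$root/900/exe"
    printf '%s\n' "$root"
}

# Usage on a live system (as root, to see every process):
#   stale_daemons
```

Any PID it reports is still running the pre-upgrade code and needs the service restart mentioned above.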