Re: sysklogd vulnerability (CVE-2014-3634)

[mancha <mancha1 () zoho com>]

By way of update, the sysklogd maintainer (Joey) has been in touch with
me and let me know sysklogd 1.5.1 which fixes the PRI/OOB issue is
forthcoming.

On Sun, Oct 05, 2014 at 05:01:48PM +0200, Rainer Gerhards wrote:
> I have had a pretty deep look at it. Bottom line is that I couldn't
> reproduce it manually either. So I checked the test environment. As it
> turns out, the root cause for my ability to crash was that the test
> scripts did not setup things properly for v3 ... some v5 binary
> modules kept be used. Digging deeper in the old code, a crash seems as
> unlikely as said in the initial report. The reason is that some
> masking happens, which in turn prevents most problems with the
> negative PRIs. I'll update the advisory soon. Sorry for the noise and
> thanks for keeping this straight.
>
> Rainer

Many thanks Rainer for re-doing your tests on rsyslog v3. They're
consistent with my own findings on sysklogd as well as my limited
testing on rsyslog 3.22.3 (after my brief $ModLoad learning curve).

--mancha

Attachment: _bin
Description: