Vulnerability Development mailing list archives
Re: Possible syslogd DoS ?
From: Tim Walberg <twalberg () mindspring com>
Date: Fri, 5 Oct 2001 12:33:26 -0500
On 10/05/2001 11:28 -0500, H D Moore wrote:
Are you sure tha /dev/urandom will never return a string with %[snpfdn] etc? Your exploit may be exploitable ;) On Friday 05 October 2001 12:19 am, Petr Baudis wrote: > > for(;;) > { > fgets(buffer, sizeof(buffer), fp); > syslog(0, buffer); > } Fix: syslog(0, "%s", buffer); -- H D Moore http://www.digitaldefense.net - work http://www.digitaloffense.net - play
End of included message Another fix, althought the point of the program is well demonstrated without it: for(;;) { fgets(buffer, sizeof(buffer), fp); buffer[1023] = 0; syslog(0, "%s", buffer); } -- twalberg () mindspring com
Attachment:
_bin
Description:
Current thread:
- Possible syslogd DoS ? Petr Baudis (Oct 03)
- Re: Possible syslogd DoS ? Crist J. Clark (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- Re: Possible syslogd DoS ? H D Moore (Oct 05)
- Re: Possible syslogd DoS ? Tim Walberg (Oct 05)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- AnalogX Proxy SMTP server relay Claymore (Oct 05)
- Re: AnalogX Proxy SMTP server relay Joe Stewart (Oct 06)
- Re: Possible syslogd DoS ? Robert van der Meulen (Oct 04)
- Re: Possible syslogd DoS ? White Vampire (Oct 04)
- Re: Possible syslogd DoS ? Pavel Kankovsky (Oct 07)
- Re: Possible syslogd DoS ? Thiago Conde Figueiro (Oct 04)
- <Possible follow-ups>
- RE: Possible syslogd DoS ? Brian McKinney (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)