Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995


From: elfchief () lupine org (Jay 'Whip' Grizzard)
Date: Tue, 29 Aug 1995 17:03:59 -0700


REPEAT BY:
       We have written an example exploit to overwrite syslog(3)'s
       internal buffer using SunOS sendmail(8).  However due to the
       severity of this problem, this code will not be made available
       to anyone at this time.  Please note that the exploit was fairly
       straightforward to put together, therefore expect exploits to be
       widely available soon after the release of this advisory.

If it's so straightforward, let's have it! I want to check my linux and
my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE!! So, please post source/
scripts now!

Actually (not to get into a religious war), I would consider what 8lgm
has done to _BE_ full-disclosure. Full disclosure means giving full details
about a hole (which 8lgm DID, in this case, kudos to them!), not necessarily
giving exploit scripts so that everyone and their brother can start breaking
into systems.

ObBugTraq: You can check to see if you are vulnerable by reading the source
for your C shared library. Look at the code for the syslog() routine,
and see if it has protections to keep from writing off the end of the
static-size buffer it uses to send the message to syslogd. If it doesn't
have a "safety net," it's vulnerable.

                                                                        -WW
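
An added illustration, not part of the original post or of any libc source: what the "safety net" looks like when auditing a syslog()-style routine that formats into a fixed-size buffer. The buffer size, function names and sample message are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 1024 /* assumed size; the real libc buffer size varies */

/* Pattern to look for when reading the source: a fixed-size buffer filled
 * with no length limit, e.g.
 *     static char tbuf[LOG_BUF_SIZE];
 *     vsprintf(tbuf, fmt, ap);    (nothing stops a long message)
 * The bounded form below is the protection to expect instead. */

/* Format into buf without ever writing more than size bytes.
 * Returns the number of bytes stored (excluding the NUL) and sets
 * *truncated when the message did not fit. Hypothetical helper. */
static size_t format_log_bounded(char *buf, size_t size, int *truncated,
                                 const char *fmt, ...)
{
    va_list ap;
    int n;

    *truncated = 0;
    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap); /* length-limited, always NUL-terminates */
    va_end(ap);
    if (n < 0) { buf[0] = '\0'; return 0; }            /* encoding error */
    if ((size_t)n >= size) { *truncated = 1; return size - 1; }
    return (size_t)n;
}

/* Feed a constructed message four times larger than the buffer and
 * report how many bytes were actually stored. */
static size_t demo_oversized(int *truncated)
{
    static char tbuf[LOG_BUF_SIZE];
    char big[4 * LOG_BUF_SIZE];

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return format_log_bounded(tbuf, sizeof tbuf, truncated, "from=<%s>", big);
}

int main(void)
{
    int t;
    size_t n = demo_oversized(&t);
    printf("stored %lu bytes, truncated=%d\n", (unsigned long)n, t);
    return 0;
}
```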


