Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

SunOS syslog() fix, finally...

From: elfchief () LUPINE ORG (Jay 'Whip' Grizzard)
Date: Fri, 3 Nov 1995 12:13:42 -0800

Looks like SUN finally got their libc patch out to fix the syslog() bug --
On sunsolve1.sun.com there is /pub/patches/102545-03.tar.Z, which
is the int'l version of the SunOS 4.1.4 patch, which has in its README,
among other things:

Problem Description:


1220511 --> mktime() doesn't care leap year.

1222421 --> Patch 102545-02 changed clnt_udp.o but should not.

1190985 --> gethostbyname() can trash an existing open file descriptor.

1197137 --> NFS server crashed w/ "Panic: Bad Trap" when NFS client
            do a "find" over T1 link.

1182835 --> portmapper silently fails with version mismatch by PC-NFS client.

1219835 --> Syslog(3) can be abused to gain root access on 4.X systems


There is also a 4.1.3_U1 int'l libc jumbo patch (101558-07) that also
claims to fix the bug. Off the top of my head, though, I don't see a
domestic version of the patch -- It should be simple enough to extract
syslog.o from one and drop it in your existing libraries, though... I'm
going to give it a shot later and see what I see.

                                                                        -WW
Previous By Date Next
Previous By Thread Next

Current thread: