Bugtraq mailing list archives

Portable source code to fix syslog(3) vulnerability


From: seth () soscorp com (Seth Robertson)
Date: Fri, 1 Sep 1995 16:32:08 -0400


As with many other people, I have been working on the syslog(3)
problem.  I have come up with a library which can be used in
your compilations of various programs, such as sendmail.

For those who have SunOS dynamically linked programs, and BSD 4.4
systems, the problems should have been solved by the various patches
and methods already posted here.  However, a portable method which can
be used *now* on most OS's is still very useful (I know this because I
used it :-)

The new syslog library contains 4.4 BSD lite code, hacked until it
will compile on SunOS, Solaris, BSDI, and Irix, and hacked so that it
will not conflict with normal STDIO routines (my emergency hack of
just using 4.4 BSD STDIO turned out not to work well on SunOS because
of non-STDIO routines calling private STDIO functions which did not
exist under 4.4 STDIO).

The libraries can be found at:

ftp://ftp.cs.columbia.edu/pub/sos/lib/newlog-1.0.tar.gz
ftp://ftp.soscorp.com/pub/sos/lib/newlog-1.0.tar.gz


If you have any questions, or are suddenly very aware of your
vulnerability and want to buy a firewall (:-), contact me via the
methods listed below.


----
Seth Robertson                   voice: +1 800 SOS UNIX +1 212 686 5700
SOS Corporation                    fax: +1 212 686 5703
461 5th Avenue, 16th floor       email: seth () soscorp com
New York, NY 10017                http://www.soscorp.com/


