Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: scorp () un kiev ua (Slava Kritov)
Date: Tue, 5 Sep 1995 14:26:49 +0300
Hi !
has anyone bothered to check IRIX, OSF, etc. etc. etc. ?
I've already posted some testing of FreeBSD & OSF 3.2 ( Digital Unix ) in certain security-related newsgroups, so sorry for dupes all who had read that already. Tests shows that a) FreeBSD 1.1.5.1 - max buffer size ~ 1700, the calling program coredumps on 11. Although this is NOT the major problem, since sendmail by itself ( at least 8.6.12 ) conducts extensive tests on values fed in thus making this direction of attacks highly unprobable. b) Dec Alpha AXP 2100 OSF 3.2 ( Digital Unix from now & forever :) - max buffer size ~1600, silently ignores longer messages, no malfunctions / posteffects detected
I'd like to see some sort of a robust test for the freaking thing that wasn't platform dependent, or at least had good assurance of adressing the problem.
Why not, that base program that was posted doesn't require modifications to run on my platforms ( Dec, PC ). I actually added a short loop incrementing the length of the buffer in 100 bytes chunks. The only thing you should check is the log level - some syslogd's have certain levels disabled/specifically configured etc.
just my whacky perceptions... Really neither here nor there.
The only person you can trust in this world is yourself .... Maybe ... ;)
________________________________________________________________ tfs () vampire science gmu edu (NeXTmail, MIME) Tim Scanlon
^^^^^^^ [flames off] This should partially explain the dark mood of the author ;) Best Slava
Current thread:
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Christian Wettergren (Aug 29)
- <Possible follow-ups>
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Slava Kritov (Aug 30)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 der Mouse (Aug 31)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Tim Scanlon (Sep 02)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Slava Kritov (Sep 05)
- Discovery: Gain access to root on Linux via NIS Ken Weaverling (Sep 05)
- Re: Discovery: Gain access to root on Linux via NIS Alan Hannan (Sep 07)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Neil Woods (Sep 04)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 11)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Neil Woods (Sep 12)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 13)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 14)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 11)
- Livingston bugs... Jay 'Whip' Grizzard (Sep 12)
- Re: Livingston bugs... Phillip Moore (Sep 12)
- Re: Livingston bugs... Dave Andersen (Sep 12)