Bugtraq mailing list archives

Re: What happened to the syslog bug ?


From: strombrg () hydra acs uci edu (Dan Stromberg)
Date: Wed, 26 Jun 1996 10:37:05 -0700


AUSCERT (quite reasonably) indicated sendmail_wrapper was no longer a
recommended option, now that vendor patches are available for the
problems sendmail_wrapper was intended to fix.

sendmail_wrapper can show some intermittent problems, when used on SunOS
4.1.x.

We had an array of unpatched SunOS 4.1.x boxes running various releases
of Sun, IDA, and V8 sendmails.  At one time, our hope was to bandaid
these with sendmail_wrapper (for internal hacks) and smap (for external
hacks), without getting into sendmail.cf rewrites all at once.  We wound
up using smap alone - and have resumed moving to current V8's (or even
upgrading our OSes ^_^) as time permits.

Gunnar Ingvi Thorisson wrote:

Hi there..

In August last year 8LGM released an advisory warning about a syslog
vulnerability. Something to do with a buffer overflow and passing commands
to a remote site. The advisory said that the exploit would not be released yet,
in order to give time to vendors to issue patches. Now I understand that
some vendors are pretty slow in acknowledging security problems but it
sounds like they had enough time by now.
Anyone considering posting details on this full disclosure list?

The sendmail_wrapper.c was updated to prevent this bug; that's about all I
know about sendmail. If you're looking for a cure, get this wrapper; it can
be found at any sendmail site. Hope it helps...

Best regards, Gunni...
gunni () if is

=========================================================================
 Gunnar Ingvi Þórisson                      E-Mail address:  gunni () if is
 Kerfisstjóri, system administrator

 Íslensk forritaþróun hf.
 Suðurlandsbraut 4, IS-108 Reykjavík, Ísland
 Sími: (+354) 588-1511  Fax: (+354) 588-8728
=========================================================================


