Bugtraq mailing list archives
Re: What happened to the syslog bug ?
From: strombrg () hydra acs uci edu (Dan Stromberg)
Date: Wed, 26 Jun 1996 10:37:05 -0700
AUSCERT (quite reasonably) indicated sendmail_wrapper was no longer a recommended option, now that vendor patches are available for the problems sendmail_wrapper was intended to fix. sendmail_wrapper can show some intermittent problems, when used on SunOS 4.1.x. We had an array of unpatched SunOS 4.1.x boxes running various releases of sun, IDA, and V8 sendmail's. At one time, our hope was to bandaid these with sendmail_wrapper (for internal hacks) and smap (for external hacks), without getting into sendmail.cf rewrites all at once. We wound up using smap alone - and have resumed moving to current V8's (or even upgrading our OSes ^_^) as time permits. Gunnar Ingvi Thorisson wrote:
Hi there..In August last year 8LGM released an advisory warning about a syslog vulnerability. Something to do with a buffer overflow and passing commands to a remote site. The advisory said that exploit would not be released yet, in order to give time to vendors to issue patches. Now I understand that some vendors are pretty slow in acknowledging security problems but it sounds like they had enough time by now. Anyone considering posting details on this full disclosure list ?the sendmail_wrapper.c was updated to prevent this bug, thats about it I know about sendmail, if you're looking for cure, get this wrapper, it can be found at any sendmail site. Hope it helps... Best regards, Gunni... gunni () if is ========================================================================= Gunnar Ingvi Þórisson E-Mail address: gunni () if is Kerfisstjóri, system administrator Íslensk forritaþróun hf. Suðurlandsbraut 4, IS-108 Reykjavík, Ísland Sími: (+354) 588-1511 Fax: (+354) 588-8728 =========================================================================
Current thread:
- Re: What happened to the syslog bug ? Dan Stromberg (Jun 26)