Re: syslogd fun

[troy () AUSTIN IBM COM (Bollinger)]

-----BEGIN PGP SIGNED MESSAGE-----

Yuri Volobuev wrote:
> AIX [is]
> not so fortunate.  It's on and can't be turned off in any obvious way, other
> than killing syslogd.

The IBM-ERS team pointed this out to us earlier and we're currently in
the build and test phase for the following APARs:

   Abstract:  "SECURITY: syslog denial-of-service vulnerability"
   APAR 4.1:  IX70659
   APAR 4.2:  IX70660

There's a temporary fix available via anonymous ftp from:

   ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z

The AIX fix will include a new "-r" option that will turn off remote
message logging.  (Note that by default, remote messages will still be
accepted.  The AIX "-r" option is backward from the way that the Linux
syslogd works.)

[ it's sure nice that Aleph's back from vacation... ;-) ]
- --
+----------------  Opinions are my own  -------------------+
|Troy Bollinger             |                    92CBR600F2|
|AIX Security Development   |           troy () austin ibm com|
+----------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBNAYHncjqvEm3eDEpAQE+nQQAu3edXl4CdAFc3y6vuz6EPtVIBf9pnrX8
aUIH5PWg7FD7p3JqCX22fKjZgw80XvxMqCARwXPMbehFTcTonNp8tq4cqsf6bHEm
Httume7RE1c2NjX8NAaLjxdjotbiy3ngetFtpApCztXFWLOslWcYInUjMSS2OHGE
NQ6hQqYRQe8=
=RumK
-----END PGP SIGNATURE-----