Re: klogd 1.3-22 buffer overflow

[ncb () CC GATECH EDU (Neil Bright)]

-----BEGIN PGP SIGNED MESSAGE-----

Michal Zalewski wrote the following:

> Good morning,
>
> This time - buffer overflow in Linux klogd daemon from sysklogd-1.3
> package (up to release 22 - affects Red Hat 5.x and Slackware 3.x, no data
> about other distributions).

[snip]

This does appear to affect a (fairly) stock RH5.2 box also.  In my test,
The supplied module code did cause klogd to die...

Relevant RPMS:
  sysklogd-1.3-25
  kernel-2.0.36-0.7     (stock, no kernel rebuild)

+============ 24 68 BF F6 0E 73 53 47 80 E9 27 7D F9 35 58 4B ============+
 Neil Bright              ncb () cc gatech edu            IHPCL administrator
 (404) 385-0448                                       College of Computing
 http://www.cc.gatech.edu/projects/ihpcl   Georgia Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNkm3SPYNylcsgopZAQHiTwP/RNlnm5qp6QzDsNdSu7qOXIWautgAtfWE
geiXigHgqMNt9++pMm0Rev8IHI6tFJgIyZi6yFoXEhAlBoDdbCV5tLa50v8xv9mQ
oSEpGSXsuEPRsf4j1mpr+E2QDsB6ePfZSMQfHywugEbTmbxYds4e60f2kY8P7e79
95NsP6yaJns=
=ijNd
-----END PGP SIGNATURE-----