Bugtraq mailing list archives

Re: klogd format bug

From: Carlos Eduardo Gorges <carlos () TECHLINUX COM BR>
Date: Mon, 18 Sep 2000 14:15:08 -0300

Em seg, 18 set 2000, Jouko Pynnönen escreveu:

OVERVIEW

Kernel logging daemon klogd in the sysklogd package for Linux contains a
"format bug" making it vulnerable to local root compromise (successfully
tested on Linux/x86). There's also a possibility for remote vulnerability
under certain (rather unprobable)  circumstances and a more probable
semi-remote exploitableness with knfsd.


The patch.
--
         _________________________
         Carlos E Gorges
         (carlos () techlinux com br)
         Tech informática LTDA
         Brazil
         _________________________

Attachment: sysklogd-1.3-31-formatbug.diff.bz2
Description:

Current thread:

klogd format bug Jouko Pynnönen (Sep 18)
- Re: klogd format bug Carlos Eduardo Gorges (Sep 18)