Re: sysklogd vulnerability (CVE-2014-3634)

[Rainer Gerhards <rgerhards () hq adiscon com>]

Today is Germany's national holiday.  IIRC it was with 3500000000 or
350000001. I probably can't check today. I think it was on ubuntu 12.04lts
fully patched.

Sorry i have no better answer at the moment.

Rainer
Sent from phone, thus brief.
Am 03.10.2014 17:01 schrieb "mancha" <mancha1 () zoho com>:

> On Fri, Oct 03, 2014 at 01:53:02PM +0200, Rainer Gerhards wrote:
> > I didn't try out sysklogd as I was busy enough with rsyslog BUT I can
> > crash unpatched rsyslog v3 and the code path in question is extremely
> > similar in those two.
>
> OK, I just graduated from my crash-course on setting up an unpatched
> rsyslog 3.22.3 daemon.
>
> I've hit it with lots of pri "vals" including: x112,
> 80000000000000000000000000000000, my lottery numbers, and the magical
> 3500000000 but am unable to crash it.
>
> printline()'s are very similar like you say so it would be worthwhile if
> we could dig a little.
>
> Rainer, would you be able to provide a backtrace? or be more specific
> about the steps you took to crash it?
>
> --mancha
>
> PS I've taken Joey off the CC list because he's not expressed any
> interest in this and is probably busy adding to his spamassassin
> rulesets.