Vulnerability Development mailing list archives
Re: Red Hat 7.1 rpc.statd problem
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 05 Dec 2001 12:36:09 -0800
Fyodor wrote:
> because originally the bug was simple
> if (cant_lookup_hostname(userdata)) { syslog(userdata); }
> .. now they fixed it to be:
> syslog("lookup screwed for: %s\n", userdata);
> ...
So if someone has written a bad syslog implementation, then the format string will get sent to the syslogd, and potentially exploit that? (Not that it wouldn't be the responsibility of the syslog program to not be exploited, of course.)

Just seems to me that the statd code should use a smaller buffer, or strip out some characters, or something that wouldn't put such a scary entry into the log files. :)

BB
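An added example, not part of the original post and not the statd source: one way to combine the constant-format fix quoted above with the "smaller buffer, or strip out some characters" idea from the reply. The names sanitize_for_log and log_lookup_failure, the 64-byte cap and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <syslog.h>

#define LOG_NAME_MAX ((size_t)64)  /* assumed cap on how much of the name is logged */

/* Copy untrusted src into dst (size dstsz) in a form that is safe to log:
 * at most LOG_NAME_MAX bytes, with control bytes, DEL, non-ASCII bytes and
 * '%' replaced by '?'. Returns how many bytes were replaced or cut off. */
size_t sanitize_for_log(char *dst, size_t dstsz, const char *src)
{
    size_t limit, i, changed = 0;

    if (dstsz == 0)
        return 0;
    limit = (dstsz - 1 < LOG_NAME_MAX) ? dstsz - 1 : LOG_NAME_MAX;
    for (i = 0; i < limit && src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%' || c < 0x20 || c > 0x7e) {
            dst[i] = '?';
            changed++;
        } else {
            dst[i] = (char)c;
        }
    }
    dst[i] = '\0';
    changed += strlen(src + i);    /* bytes dropped by truncation */
    return changed;
}

/* Hypothetical stand-in for the logging path discussed in the thread. */
void log_lookup_failure(const char *userdata)
{
    char safe[LOG_NAME_MAX + 1];
    size_t changed = sanitize_for_log(safe, sizeof safe, userdata);

    /* The pre-fix pattern passed userdata itself as the format string.
     * Here the format is a constant and the data is only an argument. */
    syslog(LOG_ERR, "lookup failed for: %s%s", safe,
           changed ? " (sanitized)" : "");
}

int main(void)
{
    /* Constructed sample input, not taken from a real log. */
    log_lookup_failure("bad%n\x01" "host.example");
    return 0;
}
```

Replacing '%' is defence in depth for whatever reads the log later; the constant format string is what removes the bug in the logging process itself.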