[1045] in linux-security and linux-alert archive
Re: [linux-security] qmail,wu.ftpd,deslogind, in.telnetsnoopd ?
daemon@ATHENA.MIT.EDU (Racer X)
Thu Aug 22 05:23:49 1996
Date: Wed, 21 Aug 1996 23:22:33 -0400 (EDT)
From: Racer X <shagboy@wspice.com>
Reply-To: shagboy@bluesky.net
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.GSO.3.95.960819201612.21781B-100000@clark.net>

On Mon, 19 Aug 1996, Paul D. Robertson wrote:
> > Surely you must be running syslogd? There are many known problems with
> > syslogd to do with buffer overruns, and in particular if your syslogd
> > listens on the syslogd UDP port, then that could easily be the trouble.
>
> Hrm, all the exploits I've seen deal with the syslog library call, not the
> daemon, and the Linux libraries have been fixed for a while. Could you
> provide more info on the daemon problems?

The "daemon problem" is caused by a syslogd that listens on the network
UDP/syslog port for incoming messages from other hosts. An attacker
could fill up your hard disk, but that's about it.

The latest syslogd for Linux has this behavior turned off by default; you
have to explicitly tell it to listen on the network, and you can specify
hosts to listen to or ignore. It should be blocked at the
firewall/router if you want to run it on the net.

shag
Judd Bourgeois | When we are planning for posterity,
shagboy@bluesky.net | we ought to remember that virtue is
Finger for PGP key | not hereditary. Thomas Paine
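
A check for the exposure described in the message above, as an added example that is not part of the original post: it parses a `/proc/net/udp`-style table and reports every socket bound to UDP port 514, flagging those bound to a non-loopback address. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed when decoding the address field.

```python
import os
import socket
import struct

SYSLOG_PORT = 514  # UDP/syslog

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  102: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 22222 2 0000000000000000 0
  103: 0100007F:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 33333 2 0000000000000000 0
"""

def decode_addr(field):
    """Turn '0100007F:0202' into ('127.0.0.1', 514)."""
    ip_hex, port_hex = field.split(":")
    # Assumption: little-endian host, so the printed 32-bit word is byte-swapped.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def syslog_listeners(table):
    """Return [(ip, inode, exposed)] for every UDP socket bound to port 514."""
    found = []
    for line in table.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        ip, port = decode_addr(cols[1])
        if port == SYSLOG_PORT:
            # Anything not bound to loopback can receive datagrams from other hosts.
            exposed = not ip.startswith("127.")
            found.append((ip, int(cols[9]), exposed))
    return found

if __name__ == "__main__":
    # Use the live table on Linux; fall back to the constructed sample elsewhere.
    path = "/proc/net/udp"
    table = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, inode, exposed in syslog_listeners(table):
        print(f"udp/{SYSLOG_PORT} on {ip} (inode {inode}):",
              "network-reachable" if exposed else "loopback only")
```

Only IPv4 sockets are covered; `/proc/net/udp6` uses a different address encoding and is not parsed here.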