[1045] in linux-security and linux-alert archive

Re: [linux-security] qmail,wu.ftpd,deslogind, in.telnetsnoopd ?

daemon@ATHENA.MIT.EDU (Racer X)
Thu Aug 22 05:23:49 1996

Date: Wed, 21 Aug 1996 23:22:33 -0400 (EDT)
From: Racer X <shagboy@wspice.com>
Reply-To: shagboy@bluesky.net
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.GSO.3.95.960819201612.21781B-100000@clark.net>

On Mon, 19 Aug 1996, Paul D. Robertson wrote:

> > Surely you must be running syslogd? There are many known problems with
> > syslogd to do with buffer overruns, and in particular if your syslogd
> > listens on the syslogd UDP port, then that could easily be the trouble. 
> 
> Hrm, all the exploits I've seen deal with the syslog library call, not the
> daemon, and the Linux libraries have been fixed for a while.  Could you
> provide more info on the daemon problems?  

The "daemon problem" is caused by a syslogd that listens on the network 
UDP/syslog port for incoming messages from other hosts.  An attacker 
could fill up your hard disk, but that's about it.

The latest syslogd for Linux has this behavior turned off by default; you 
have to explicitly tell it to listen on the network, and you can specify 
hosts to listen to or ignore.  It should be blocked at the 
firewall/router if you want to run it on the net.

shag

Judd Bourgeois      | When we are planning for posterity,
shagboy@bluesky.net | we ought to remember that virtue is
Finger for PGP key  | not hereditary.        Thomas Paine
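
One way to check a host for the condition described in the message above, added here as an example and not part of the original post: it parses the Linux `/proc/net/udp` socket table for sockets bound to UDP port 514 and reports whether each is bound beyond loopback. The sample table is constructed, the function names are hypothetical, and the decoding assumes IPv4 on a little-endian host.

```python
import socket
import struct

SYSLOG_PORT = 514  # UDP/syslog

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  10: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
  11: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1202
  12: 0100007F:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1203
"""


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT' as printed in /proc/net/udp (IPv4, little-endian host)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def syslog_udp_listeners(proc_text, port=SYSLOG_PORT):
    """Return (ip, exposed) for every UDP socket bound to `port`."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 2:
            continue
        ip, local_port = decode_addr(cols[1])
        if local_port == port:
            # Bound to a non-loopback address: datagrams from other hosts
            # reach the socket unless a firewall/router filters them first.
            exposed = not ip.startswith("127.")
            found.append((ip, exposed))
    return found


if __name__ == "__main__":
    try:
        with open("/proc/net/udp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_UDP  # fall back to the constructed sample
    for ip, exposed in syslog_udp_listeners(table):
        state = "accepts remote datagrams" if exposed else "loopback only"
        print(f"UDP/{SYSLOG_PORT} bound on {ip}: {state}")
```

The table shows only that something is bound to the port, not that it is syslogd; IPv6 sockets are listed separately in `/proc/net/udp6`.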
