[2268] in linux-security and linux-alert archive
[linux-security] DoS with sysklogd, glibc (Caldera) (fwd)
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Tue Nov 23 21:17:41 1999
Message-Id: <199911230935.KAA01665@cave.bitwizard.nl>
To: linux-security@redhat.com
Date: Tue, 23 Nov 1999 10:35:19 +0100 (MET)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Resent-From: linux-security@redhat.com
Hi,
This advisory has a bit more than the Red Hat one....
Roger.
----- Forwarded message from Alfred Huger -----
>>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999
Approved-By: aleph1@SECURITYFOCUS.COM
Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com>
Date: Mon, 22 Nov 1999 09:08:08 -0800
X-Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Alfred Huger <ah@SECURITYFOCUS.COM>
Subject: DoS with sysklogd, glibc (Caldera)
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-- Start of PGP signed section.
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: DoS with sysklogd, glibc
Advisory number: CSSA-1999-035.0
Issue date: 1999 November, 17
Cross reference:
______________________________________________________________________________
1. Problem Description
On Linux, most services do not log informational or error messages
to their own files, but use the system log daemon, syslogd, for this.
Unfortunately, the current syslogd has a problem by which any
user on the local host can mount a denial of service attack that
effectively stops all logging. Since all programs that want to send
logging information to syslogd block until they're able to establish
a connection to syslogd, this will make programs such as login, su,
sendmail, telnetd, etc hang indefinitely.
2. Vulnerable Versions
Systems : previous to COL 2.3
Packages: previous to sysklogd-1.3.31-4
3. Solutions
Workaround: none
The proper solution is to upgrade to the latest packages
rpm -U sysklogd-1.3.31-4.i386.rpm
** Make sure to reboot the machine after installing the fixed RPM. **
4. Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS
5. Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -U sysklogd-1.3.31-4.i386.rpm
6. Verification
a3a5aba891db83dbb0e31b01879011ac RPMS/sysklogd-1.3.31-4.i386.rpm
2bdf1431d3a487ee15e2323d61da2366 SRPMS/sysklogd-1.3.31-4.src.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 5074
Caldera wishes to thank Alex Kuznetisov, Alan Cox, and Bill
Nottingham (the latter two of RedHat, Inc.) for their cooperation.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-- End of PGP signed section, PGP failed!
----- End of forwarded message from Alfred Huger -----
--
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
"I didn't say it was your fault. I said I was going to blame it on you."
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
