[12672] in bugtraq
[ COBALT ] Security Advisory - syslog
daemon@ATHENA.MIT.EDU (Jeff Bilicki)
Mon Nov 22 13:59:29 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38373750.3DDFBE2D@cobaltnet.com>
Date: Sat, 20 Nov 1999 16:05:36 -0800
Reply-To: Jeff Bilicki <jeffb@COBALTNET.COM>
From: Jeff Bilicki <jeffb@COBALTNET.COM>
X-To: BugTraQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Cobalt Networks -- Security Advisory -- 11.20.1999
Problem:
The syslogd server uses a Unix Domain stream socket (/dev/log) for
receiving local log messages via syslog(3). Unix Domain stream sockets
are non connection-less, that means, that one process is needed to
serve one client.
Description:
By opening a lot of local syslog connections a user with shell access
could stop the system from responding.
Problem and description text was taken from:
http://www.suse.de/de/support/security/suse_security_announce_31.txt
Relevant products and architectures:
Product Architecture Vulnerable
Qube1 MIPS Yes
Qube2 MIPS Yes
RaQ1 MIPS Yes
RaQ2 MIPS Yes
RaQ3 x86 Yes
RPMS:
-RaQ3-
ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-9C1.i386.rpm
-RaQ1 RaQ2 Qube1 Qube2-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-9C2.mips.rpm
SRPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C1.src.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C2.src.rpm
MD5 sum Package Name
-------------------------------------------------------------
2b5f2e422a82e84237c184762a16e2f2 sysklogd-1.3.33-9C1.i386.rpm
dd4c696ef40cc0b6bf3f2a5b23cd9dcf sysklogd-1.3.33-9C2.mips.rpm
You can verify each rpm using the following command:
rpm --checksig [package]
To install, use the following command, while logged in as root:
rpm -U [package]
The package file format (pkg) for this fix is currently in testing, and
will be available in the near future.
Jeff Bilicki
Cobalt Networks
