[37703] in bugtraq
Re: Citadel/UX <= v6.27 Remote Format String Vulnerability
daemon@ATHENA.MIT.EDU (Michael Hampton)
Tue Dec 14 13:51:48 2004
Message-ID: <8c4adf5804121317291b93f1d2@mail.gmail.com>
Date: Mon, 13 Dec 2004 19:29:44 -0600
From: Michael Hampton <error10@gmail.com>
Reply-To: Michael Hampton <error10@gmail.com>
To: bugtraq@securityfocus.com, room_citadel_development@uncensored.citadel.org
In-Reply-To: <20041213000642.31054.qmail@www.securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
On 13 Dec 2004 00:06:42 -0000, CoKi <coki@nosystem.com.ar> wrote:
> -------------------------------------------------
> No System Group - Advisory #09 - 12/12/04
> -------------------------------------------------
> Program: Citadel/UX
> Homepage: http://www.citadel.org
> Operating System: Linux and Unix-Compatible
> Vulnerable Versions: Citadel/UX v6.27 and prior
> Risk: High
> Impact: Remote Format String Vulnerability
The patch for this issue has been checked in to Citadel CVS and a
release will be forthcoming shortly. Please do not run a production
system from Citadel CVS as code may not always be stable.
Sites which are unable to patch or upgrade may work around the issue
by disabling system logging, and logging to a separate text file. To
perform this action, remove the -l option from the citadel command
line in /etc/inittab and replace it with a -t option specifying the
text file to log to. Once complete, signal init to re-read the inittab
(e.g. init q) and then restart the Citadel server.
Example:
cit1:2345:respawn:/usr/local/citadel/citserver -h/usr/local/citadel
-x3 -t/var/log/citadel.log
