[5220] in bugtraq
Re: syslogd fun
daemon@ATHENA.MIT.EDU (Bollinger)
Thu Aug 28 21:05:28 1997
Date: Thu, 28 Aug 1997 18:19:57 -0500
Reply-To: Bollinger <troy@AUSTIN.IBM.COM>
From: Bollinger <troy@AUSTIN.IBM.COM>
X-To: volobuev@t1.chem.umn.edu
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.A41.3.95.970827195312.30652B-100000@t1.chem.umn.edu> from
"Yuri Volobuev" at Aug 27, 97 08:05:03 pm
-----BEGIN PGP SIGNED MESSAGE-----
Yuri Volobuev wrote:
>
> AIX [is]
> not so fortunate. It's on and can't be turned off in any obvious way, other
> than killing syslogd.
>
The IBM-ERS team pointed this out to us earlier and we're currently in
the build and test phase for the following APARs:
Abstract: "SECURITY: syslog denial-of-service vulnerability"
APAR 4.1: IX70659
APAR 4.2: IX70660
There's a temporary fix available via anonymous ftp from:
ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z
The AIX fix will include a new "-r" option that will turn off remote
message logging. (Note that by default, remote messages will still be
accepted. The AIX "-r" option is backward from the way that the Linux
syslogd works.)
[ it's sure nice that Aleph's back from vacation... ;-) ]
- --
+---------------- Opinions are my own -------------------+
|Troy Bollinger | 92CBR600F2|
|AIX Security Development | troy@austin.ibm.com|
+----------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
iQCVAwUBNAYHncjqvEm3eDEpAQE+nQQAu3edXl4CdAFc3y6vuz6EPtVIBf9pnrX8
aUIH5PWg7FD7p3JqCX22fKjZgw80XvxMqCARwXPMbehFTcTonNp8tq4cqsf6bHEm
Httume7RE1c2NjX8NAaLjxdjotbiy3ngetFtpApCztXFWLOslWcYInUjMSS2OHGE
NQ6hQqYRQe8=
=RumK
-----END PGP SIGNATURE-----
