[8515] in bugtraq


Re: klogd 1.3-22 buffer overflow

daemon@ATHENA.MIT.EDU (Peter van Dijk)
Thu Nov 12 15:11:18 1998

Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Date: 	Thu, 12 Nov 1998 01:43:16 +0100
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199811111612.LAA09160@cleon.cc.gatech.edu>; from Neil Bright on
              Wed, Nov 11, 1998 at 11:12:09AM -0500

On Wed, Nov 11, 1998 at 11:12:09AM -0500, Neil Bright wrote:
> Michal Zalewski wrote the following:
>
> > Good morning,
> >
> > This time - buffer overflow in Linux klogd daemon from sysklogd-1.3
> > package (up to release 22 - affects Red Hat 5.x and Slackware 3.x, no data
> > about other distributions).
>
> [snip]
>
> This does appear to affect a (fairly) stock RH5.2 box also.  In my test,
> The supplied module code did cause klogd to die...
>
> Relevant RPMS:
>   sysklogd-1.3-25
>   kernel-2.0.36-0.7     (stock, no kernel rebuild)

Same on Slackware 3.4 (kernel updated to 2.0.35).

[root@koek] ~# klogd -v
klogd 1.3-0

But attaching gdb to klogd shows that the character the buffer is filled with
only appears in eax and even there only in the lowest 8 bits. Is this still
exploitable?

Greetz, Peter.
-- 
'I guess anybody who walks away from a root shell at :         Peter van Dijk
 a nerd party gets what they deserve!' -- BillSF     :peter@attic.vuurwerk.nl
-- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --
finger hardbeat@flits104-161.flits.rug.nl for my public PGP-key
  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -

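The thread reports that a kernel module's printk output was enough to crash klogd, but it does not include sysklogd's code. The following is an added example, not code from sysklogd or from anyone in this thread: a constructed kernel-log-line handler in the general shape such a daemon uses (strip the optional "<N>" console-level prefix, copy the text into a fixed-size buffer), once with an unbounded copy and once bounded, so the difference between the two is visible on a line whose length the sender controls. The buffer size KLINE_MAX, the struct and function names, and the sample lines are all assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed line buffer, sized the way a 1990s daemon might size it. */
#define KLINE_MAX 64

struct kmsg {
    int  pri;              /* kernel console level 0..7, or -1 when no <N> prefix */
    int  truncated;        /* set by the bounded parser when text was cut to fit */
    char text[KLINE_MAX];
};

/* Parse an optional "<N>" level prefix (N in 0..7, as Linux printk emits).
 * Returns a pointer past the prefix and stores N; otherwise returns the line
 * unchanged and stores -1. */
static const char *parse_level(const char *line, int *pri)
{
    *pri = -1;
    if (line[0] == '<' && isdigit((unsigned char)line[1])) {
        char *end;
        long p = strtol(line + 1, &end, 10);
        if (*end == '>' && p >= 0 && p <= 7) {
            *pri = (int)p;
            return end + 1;
        }
    }
    return line;
}

/* Unbounded shape: trusts the length of a line that a loadable module (or
 * anything else that can printk) chose. Overruns text[] once
 * strlen(line) >= KLINE_MAX. Kept here only for contrast; never feed it a
 * long line. */
static void parse_kmsg_unbounded(const char *line, struct kmsg *out)
{
    line = parse_level(line, &out->pri);
    out->truncated = 0;
    strcpy(out->text, line);
}

/* Bounded shape: copy at most KLINE_MAX-1 bytes, always terminate, and
 * record that truncation happened so the caller can log it. */
static void parse_kmsg_bounded(const char *line, struct kmsg *out)
{
    size_t n;
    line = parse_level(line, &out->pri);
    n = strlen(line);
    out->truncated = 0;
    if (n >= sizeof out->text) {
        n = sizeof out->text - 1;
        out->truncated = 1;
    }
    memcpy(out->text, line, n);
    out->text[n] = '\0';
}

/* Constructed input: a line of 'A' repeated len times (capped at 511). */
static void fill_line(char *buf, size_t cap, size_t len)
{
    if (len >= cap) len = cap - 1;
    memset(buf, 'A', len);
    buf[len] = '\0';
}

/* Helpers exposing the bounded parser's results for checking. */
int kmsg_level(const char *line)
{
    struct kmsg m;
    parse_kmsg_bounded(line, &m);
    return m.pri;
}

int kmsg_text_is(const char *line, const char *expect)
{
    struct kmsg m;
    parse_kmsg_bounded(line, &m);
    return strcmp(m.text, expect) == 0;
}

int kmsg_truncated(size_t len)
{
    char big[512];
    struct kmsg m;
    fill_line(big, sizeof big, len);
    parse_kmsg_bounded(big, &m);
    return m.truncated;
}

int kmsg_kept_len(size_t len)
{
    char big[512];
    struct kmsg m;
    fill_line(big, sizeof big, len);
    parse_kmsg_bounded(big, &m);
    return (int)strlen(m.text);
}

int main(void)
{
    struct kmsg m;
    char big[512];

    parse_kmsg_unbounded("<4>eth0: link up", &m);   /* short line: both parsers agree */
    printf("unbounded: pri=%d text=\"%s\"\n", m.pri, m.text);

    fill_line(big, sizeof big, 200);                 /* 200 bytes, only the bounded one survives */
    parse_kmsg_bounded(big, &m);
    printf("bounded:   kept %zu bytes, truncated=%d\n", strlen(m.text), m.truncated);
    return 0;
}
```

The bounded version is the whole fix for this class of bug: the length of a kernel log line is chosen by whoever can call printk, so the daemon must size the copy by its own buffer, not by the input.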
