[8591] in bugtraq
Re: [Linux] klogd 1.3-22 buffer overflow
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Wed Nov 18 13:05:05 1998
Date: Sat, 12 Sep 1998 17:46:30 +0200
Reply-To: Michal Zalewski <lcamtuf@IDS.PL>
From: Michal Zalewski <lcamtuf@IDS.PL>
X-To: Martin Schulze <joey@infodrom.north.de>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981117224544.A27914@finlandia.infodrom.north.de>
On Tue, 17 Nov 1998, Martin Schulze wrote:
> I'm the co-maintainer of the Linux sysklogd package which contains the
> klogd program for which a buffer overrun has been reported last week.
>
> First of all I'd like to complain about two things:
>
> a) The reports weren't made against the current version of the
> package. The source for it is well known on sunsite.unc.edu as
> well as various mirrors.
Reported vunerability is present in most of recent Linux distributions,
including RH 5.x and Slackware 3.x, as stated in original post. I reported
vunerability in these distributions.
> I dare to say, but this bug was fixed *two* years ago:
Heh, see above. Problem is reproductible at least on RH/Slackware
distributions with latest sysklogd packages. If this problem has been
fixed two years ago - huh, vendors are dumb, or noone even heard about
last two years...
_______________________________________________________________________
Michal Zalewski [lcamtuf@ids.pl] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
