[16809] in bugtraq
Re: klogd format bug
daemon@ATHENA.MIT.EDU (Carlos Eduardo Gorges)
Mon Sep 18 13:52:58 2000
Content-Type: Multipart/Mixed;
boundary="Boundary-=_nWlrBbmQBhCDarzOwKkYHIDdqSCD"
Mime-Version: 1.0
Message-Id: <00091814160500.01006@quarks.techlinux>
Date: Mon, 18 Sep 2000 14:15:08 -0300
Reply-To: Carlos Eduardo Gorges <carlos@TECHLINUX.COM.BR>
From: Carlos Eduardo Gorges <carlos@TECHLINUX.COM.BR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10009180709590.16338-100000@shell.solutions.fi>
--Boundary-=_nWlrBbmQBhCDarzOwKkYHIDdqSCD
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Em seg, 18 set 2000, Jouko Pynnvnen escreveu:
> OVERVIEW
>
> Kernel logging daemon klogd in the sysklogd package for Linux contains a
> "format bug" making it vulnerable to local root compromise (successfully
> tested on Linux/x86). There's also a possibility for remote vulnerability
> under certain (rather unprobable) circumstances and a more probable
> semi-remote exploitableness with knfsd.
>
The patch.
--
_________________________
Carlos E Gorges
(carlos@techlinux.com.br)
Tech informatica LTDA
Brazil
_________________________
--Boundary-=_nWlrBbmQBhCDarzOwKkYHIDdqSCD
Content-Type: application/octet-stream;
name="sysklogd-1.3-31-formatbug.diff.bz2"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sysklogd-1.3-31-formatbug.diff.bz2"
QlpoOTFBWSZTWSFQ71AAANVfgEFw0n//2mOn3ES/794yMAFW0pBKKFPEaeqeKeQamGk0ANpGJ+oN
IHpoMlTyjJpkGjQaNAGgyAZDQABKEQ0FP1TT1A9R6mjJ6htQAekNGjRkUCabm4MLN+AfkKkUgDzy
2FLCgQ4EKBCSWS00sBpklznBk9Q1ZTEQet1xqG3CkkFIFoSRMcUHEqks80n3AXP4ZlFrCZBjoULm
oIxXRlxPkJ/JVfJRfkLjMFAdQjwsdpeq2lEzF5UTPKgUZBhS8MrgnIDkdX1loUD39hAsYqK3qvEr
Mp7fccVKodIKYRsDQ7QWsOEAf+k3IXmhvB9vFw+mi1s4VevFDmQM4q1+XhOBeH0eMDzAhyzo2CMI
RmeYfxjHYZkNY5g2BrULeeUEiQ2VBkUCO2byhoB9lK6GIVikcIVARUSlkyIkLwwEsMGB4iJHbrLz
nOmEn5o/1loEV/uv9QTyF33HqXYwHKnwpDEW9BdyRThQkCFQ71A=
--Boundary-=_nWlrBbmQBhCDarzOwKkYHIDdqSCD--
