[18175] in bugtraq
Re: klogd format bug
daemon@ATHENA.MIT.EDU (Daniel Jacobowitz)
Tue Dec 19 16:57:14 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20000919001925.A20921@drow.them.org>
Date: Tue, 19 Sep 2000 00:19:25 -0400
Reply-To: Daniel Jacobowitz <dmj+@ANDREW.CMU.EDU>
From: Daniel Jacobowitz <dmj+@ANDREW.CMU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <00091814160500.01006@quarks.techlinux>; from carlos@TECHLINUX.COM.BR on Mon, Sep 18, 2000 at 02:15:08PM -0300

On Mon, Sep 18, 2000 at 02:15:08PM -0300, Carlos Eduardo Gorges wrote:
> On Mon, 18 Sep 2000, Jouko Pynnönen wrote:
> > OVERVIEW
> >
> > Kernel logging daemon klogd in the sysklogd package for Linux contains a
> > "format bug" making it vulnerable to local root compromise (successfully
> > tested on Linux/x86). There's also a possibility for remote vulnerability
> > under certain (rather unprobable) circumstances and a more probable
> > semi-remote exploitableness with knfsd.
> >
>
> The patch.
As mentioned elsewhere, this patch breaks decoding of priorities in
klogd. The correct fix is to upgrade to sysklogd 1.4, available on
MetaLab and soon on a vendor near you.
Dan
/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/