[18188] in bugtraq
Re: [RHSA-2000:061-02] syslog format vulnerability in klogd
daemon@ATHENA.MIT.EDU (Lionel Cons)
Tue Dec 19 17:52:01 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20000919104833.81@c699100c9b5badcc26efde58cf40aac9>
Date: Tue, 19 Sep 2000 10:53:23 +0200
Reply-To: Lionel Cons <lionel.cons@CERN.CH>
From: Lionel Cons <lionel.cons@CERN.CH>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200009181942.PAA16899@lacrosse.corp.redhat.com>
bugzilla@REDHAT.COM writes:
> Various vulnerabilities exist in syslogd/klogd. [...]
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
I have the impression that this is not enough as the old buggy daemons
still run. It seems necessary to run:
# /etc/rc.d/init.d/syslog restart
(Red Hat, could you add this to the rpm post install script?)
________________________________________________________
Lionel Cons http://home.cern.ch/~cons
CERN http://www.cern.ch
Hinds' 1st Law of Computer Programming
Any given program, when running, is obsolete.
