[18242] in bugtraq
Re: [RHSA-2000:061-02] syslog format vulnerability in klogd
daemon@ATHENA.MIT.EDU (Pekka Savola)
Wed Dec 20 18:01:12 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.30.0012200130330.26344-100000@netcore.fi>
Date: Wed, 20 Dec 2000 01:33:42 +0200
Reply-To: Pekka Savola <pekkas@NETCORE.FI>
From: Pekka Savola <pekkas@NETCORE.FI>
X-To: Lionel Cons <lionel.cons@CERN.CH>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000919104833.81@c699100c9b5badcc26efde58cf40aac9>

On Tue, 19 Sep 2000, Lionel Cons wrote:
> bugzilla@REDHAT.COM writes:
> > Various vulnerabilities exist in syslogd/klogd. [...]
> >
> > 4. Solution:
> >
> > For each RPM for your particular architecture, run:
> >
> > rpm -Fvh [filename]
> >
> > where filename is the name of the RPM.
>
> I have the impression that this is not enough as the old buggy daemons
> still run. It seems necessary to run:
> # /etc/rc.d/init.d/syslog restart
>
> (Red Hat, could you add this to the rpm post install script?)

These steps have been taken for granted in the past. Of course, the
wording could be a little more precise.

Red Hat Linux 7 automatically restarts services if running (with
'condrestart') when they're upgraded. This is a new feature.

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
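
Added example (not part of the original post, and not Red Hat's own code): a check for the situation discussed in this thread, where a package upgrade replaces a daemon binary on disk but the old process keeps running. It relies on Linux reporting "<path> (deleted)" for /proc/<pid>/exe once the running binary has been replaced; the function name stale_pids and its arguments are assumptions made for this example.

```sh
#!/bin/sh
# List processes that still execute a binary which has since been replaced
# on disk (for instance by "rpm -Fvh") and therefore still run the old code.

# stale_pids [PROC_ROOT] [NAME...]
#   PROC_ROOT  proc mount to scan (default /proc; a parameter so that the
#              function can be exercised against a constructed tree)
#   NAME...    optional daemon basenames to restrict the report to,
#              e.g. syslogd klogd
# Prints "pid path" for each stale process.
# Returns 0 if at least one was found, 1 if none.
stale_pids() {
    proc_root=${1:-/proc}
    if [ $# -gt 0 ]; then shift; fi
    status=1
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads and processes we may not inspect have no readable
        # exe link; skip them.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *" (deleted)") ;;      # binary was unlinked or replaced
            *) continue ;;         # binary on disk is the one running
        esac
        path=${target% (deleted)}
        if [ $# -gt 0 ]; then
            match=no
            for name in "$@"; do
                if [ "${path##*/}" = "$name" ]; then match=yes; fi
            done
            [ "$match" = yes ] || continue
        fi
        echo "${dir##*/} $path"
        status=0
    done
    return $status
}

# Usage after an upgrade, as root:
#   stale_pids /proc syslogd klogd && /etc/rc.d/init.d/syslog restart
```

A process that only maps an upgraded shared library is not caught by this check, since its exe link still points at an unchanged binary.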