[2178] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Aug 31 13:39:07 1995
Date: Wed, 30 Aug 1995 01:30:07 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@piermont.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Tue, 29 Aug 1995 10:32:05 BST."
<199508290932.KAA12873@puffball.demon.co.uk>
Tim Rylance writes:
> > We have written an example exploit to overwrite syslog(3)'s
> > internal buffer using SunOS sendmail(8).
>
> A quick look at the FreeBSD-current syslog.c and the latest sendmail
> source suggests that
>
> a) turning off mail.debug logging in /etc/syslog.conf will protect you
> (from this particular exploit)
This is a syslog(3) problem, not a syslogd problem, so touching
/etc/syslog.conf would do nothing.
> b) sendmail 8.6.6 and later take care not to log long strings and
> may be safe (from this particular exploit).
I'm not 100% sure of how safe the code is. Given that other daemons
are also potentially unsafe I'm being paranoid and just fixing the
library.
Perry
