[2193] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Jay 'Whip' Grizzard)
Fri Sep 1 04:36:57 1995
Date: Tue, 29 Aug 1995 17:03:59 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: "Jay 'Whip' Grizzard" <elfchief@lupine.org>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199508291303.PAA25239@iaehv.IAEhv.nl> from "Rob J. Nauta" at Aug
29, 95 03:03:13 pm
> >REPEAT BY:
> > We have written an example exploit to overwrite syslog(3)'s
> > internal buffer using SunOS sendmail(8). However due to the
> > severity of this problem, this code will not be made available
> > to anyone at this time. Please note that the exploit was fairly
> > straightforward to put together, therefore expect exploits to be
> > widely available soon after the release of this advisory.
>
> If it's so straightforward, let's have it ! I want to check my linux and
> my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE !! So, please post source/
> scripts now !

Actually, (not to get into a religious war), I would consider what 8lgm
has done to _BE_ full-disclosure. Full disclosure means giving full details
about a hole (which 8lgm DID, in this case, kudos to them!), not necessarily
giving exploit scripts so that everyone and their brother can start breaking
into systems.

ObBugTraq: You can check to see if you are vulnerable by reading the source
for your C shared library. Look at the code for the syslog() routine,
and see if it has protections to keep from writing off the end of the
static-size buffer it uses to send the message to syslogd. If it doesn't
have a "safety net," it's vulnerable.

-WW
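
An added illustration of the source check described in the message above (not part of the original post and not taken from any libc source): the unguarded formatting pattern to look for in a syslog()-style routine, beside a bounded version. The names `format_unbounded`, `format_bounded`, `demo_log` and the 64-byte `LOGBUF_SIZE` are hypothetical, and the use of `vsprintf` as the unguarded call is an assumption about what such code typically looks like.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF_SIZE 64   /* constructed size; real libc buffers differ */

/* Pattern to look for when reading the source: caller-supplied data is
 * formatted into a fixed buffer with no length limit.
 * Shown for recognition only; nothing in this example calls it. */
void format_unbounded(char *buf, const char *fmt, va_list ap)
{
    vsprintf(buf, fmt, ap);          /* no bound on bytes written */
}

/* The "safety net": vsnprintf writes at most `size` bytes (including the
 * terminator) and returns the length the full message would have needed.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error. */
int format_bounded(char *buf, size_t size, const char *fmt, va_list ap)
{
    int need = vsnprintf(buf, size, fmt, ap);
    if (need < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)need >= size;
}

/* Hypothetical stand-in for a syslog()-style entry point: formats into a
 * static fixed-size buffer, then copies the result out for inspection. */
int demo_log(char *out, size_t outsize, const char *fmt, ...)
{
    static char tbuf[LOGBUF_SIZE];
    va_list ap;
    int truncated;

    va_start(ap, fmt);
    truncated = format_bounded(tbuf, sizeof tbuf, fmt, ap);
    va_end(ap);
    snprintf(out, outsize, "%s", tbuf);
    return truncated;
}

int main(void)
{
    char out[256];
    int t = demo_log(out, sizeof out, "user %s logged in", "alice");
    printf("truncated=%d msg=\"%s\"\n", t, out);
    return 0;
}
```

When auditing, the truncation return value is the useful signal: a routine that detects oversize input can log or drop it instead of writing past the buffer.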