[2236] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Karl Strickland)
Thu Sep 14 11:55:01 1995
Date: Wed, 13 Sep 1995 18:55:10 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Karl Strickland <karl@bagpuss.demon.co.uk>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <m0ss46H-000141C@iiit.swan.ac.uk> from "System Administrator" at
Sep 11, 95 09:20:20 am
>
> > 3) Rampant hacking would ensue.
> >
> > As for vulnerability, I believe both FreeBSD and Linux have fixes
> > available.
>
> libc4.7.2 fixed it in May.
Hmm I cant find any libc4.7.2 for FreeBSD, so I'm a confused as to
which libc you mean.
> I had assumed that their fix and log in the
> libc was what had sparked the alert..
First I've heard of libc4.7.2; but given that it was fixed in there in May,
was anyone else alerted to the presence of a bug so that other OS's could
be checked?
> ah well wrong again 8)
>
> Alan
>
> > P.S. Next time this kind of bug crops up, expect exploits to be
> > available much more quickly - modifying an exploit for syslog()
> > would be extremely straightforward :-|
>
> PS: Have a look at the source code of tin very carefully in that case.
why?
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|
