[2252] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Paul Ashton)
Tue Sep 19 11:12:21 1995
Date: Mon, 18 Sep 1995 23:03:00 BST
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Paul Ashton <paul@argo.demon.co.uk>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

Sun definitely know about this bug and are dealing with it, though
not very quickly. A patch will be announced in due course. If you
wish to raise a bug report yourself, simply email a copy of the program
that was sent on bugtraq earlier containing a call to syslog() that
creates a core dump. It is not necessary to reproduce the security
hole in order to request a patch. Also, it is worth noting that the
syslog fix will not fix all problems with sendmail as I have been able
to core dump sendmail with several other stack overwrites even after
disabling syslog() altogether.

The hole has nothing at all to do with syslogd, so tell them where to
go.

Paul

P.S. If you want any further information, please let me know.