[2262] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Jim Shankland)
Fri Sep 22 13:41:41 1995
Date: Fri, 22 Sep 1995 09:27:34 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Jim Shankland <jas@flyingfox.COM>
X-To: BUGTRAQ@crimelab.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
Casper Dik <casper@Holland.Sun.COM> write:
> The simple facts are:
> - all sendmails are vulnerable
> - it's a syslog() problem, not really a sendmail problem.
Well, sort of. sendmail 8.6.12 jumps through all sorts of hoops
to limit the size of its syslog() output. You're right, of course,
that it really is a syslog() bug, and that's where the fix needs
to be. The output-limiting stuff in 8.6.12 is a hack, but it
*looks* as thought it would prevent this attack. For all the
obvious reasons, it's still essential to fix syslog(). Still, it
would have been more accurate to say:
The simple facts are:
- all sendmails are vulnerable, BUT some are much
more vulnerable than others.
Jim Shankland
Flying Fox Computer Systems, Inc.
