[2815] in bugtraq
Re: What happened to the syslog bug ?
daemon@ATHENA.MIT.EDU (Joe Rhett)
Tue Jun 25 18:11:04 1996
Date: Tue, 25 Jun 1996 10:55:41 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Joe Rhett <joe@Navigist.Com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <1996Jun25.130309.1604.93206@ntcit-mmta6.ntc.nokia.com> from
"Gadaix Emmanuel NTC/Bangkok" at Jun 25, 96 01:14:54 pm
> In August last year 8LGM released an advisory warning about a syslog
> vulnerability. Something to do with a buffer overflow and passing commands
> to a remote site. The advisory said that exploit would not be released yet,
> in order to give time to vendors to issue patches. Now I understand that
> some vendors are pretty slow in acknowledging security problems but it
> sounds like they had enough time by now.
> Anyone considering posting details on this full disclosure list ?
Sun, HP, IBM, SGI, and SCO had patches available within 2 weeks. I've
had the patches installed for over 3 months on our systems ... what
other kind of "response" are you looking for?
