[Prev][Next][Index]
BoS: New vulnerabilities in syslog (libc) and the syslogd daemon
>---------- Forwarded message ----------
>Date: Tue, 16 Apr 1996 21:10:35 -0700
>From: A. Ian Vogelesang <vogelesang@hdshq.com>
>To: firewalls@greatcircle.com, fwtk-users@tis.com,
> best-of-security@suburbia.net
>Cc: carl@hdshq.com
>Subject: BoS: New vulnerabilities in syslog (libc) and the syslogd daemon
>
>As part of a continuing review of our internal systems
>for security vulnerabilities, a verification was performed
>of the ability of the syslog/syslogd system to correctly
>handle over-length messages, and to behave properly under
>heavy load conditions.
>
>As a result, a number of remaining problems with both
>syslog (in libc), and the syslogd daemon were discovered
>and corrected.
>
>As some of these vulnerabilities may be present in various
>implementations, CERT was notified last month and has in
>turn advised the vendor list.
>
>As the source for Linux is widely available, an example of
>the source patches for Linux has been made available, together
>with a test/verification program, and (optionally) Linux
>executables including patched libc.so.5.3.9 and syslogd.
>
>For more details please see:
> http://www.hdshq.com/fixes/syslog-syslogd/readme.txt
> (9645 bytes)
>
>Source, scripts, makefile, test program in
> http://www.hdshq.com/fixes/syslog-syslogd/syslog-syslogd.tar.gz
> (56008 bytes)
> http://www.hdshq.com/fixes/syslog-syslogd/syslog-syslogd.tar.Z
> (77659 bytes)
> - also contains the readme.txt (this may be all you want)
>
>Above, plus Linux ELF executables & a patched libc.so.5.3.9 in
> http://www.hdshq.com/fixes/syslog-syslogd/syslog-syslogd.linux.tar.gz
> (863934 bytes)
>
>Although I haven't gone through the exercise of determining
>if the exposures could be exploited by Bad Guys to perform
>dastardly deeds, the very fact that syslog and/or syslogd
>are segv-ing, merrily zooming off the end of buffers, stomping
>on memory and throwing away data warrants corrective action.
>
>Regards,
>
>Ian
>
>A. Ian Vogelesang
>Hitachi Data Systems
>
Ron Cohen, Tel-Aviv University Computation Center
Office 03-6407043, Home 09-663590
E-mail: rony@post.tau.ac.il, rony@rony.ac.il
Fax: (972) 3-6409118