Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: neil () legless demon co uk (Neil Woods)
Date: Mon, 4 Sep 1995 23:54:54 +0100



Rob J. Nauta spewed forth:
[8LGM] Security Team dared to write:

               [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
REPEAT BY:
       We have written an example exploit to overwrite syslog(3)'s
       internal buffer using SunOS sendmail(8).  However due to the
       severity of this problem, this code will not be made available
       to anyone at this time.  Please note that the exploit was fairly
       straightforward to put together, therefore expect exploits to be
       widely available soon after the release of this advisory.

If it's so straightforward, let's have it ! I want to check my linux and
my ISP's FreeBSD. Bugtraq is FULL DISCLOSURE !! So, please post source/
scripts now !

Aye its straightforward, it took 2 hrs to get results.  Anyone who has
done some development (well more accurately debugging ;-) work, should
be able to get results quickly for the architecture they work with.

Unfortunately if we did give you (and everyone else to be fair) the exploit:

1) Linux or FreeBSD don't run sendmail v5.  The exploit is based on
v5's usage of syslog() (It just so happened that sendmail v5 was the
first daemon we looked at for exploit possibilities).

2) I can't port it to other operating systems, as I don't run either
Linsux or FreeBSD, even if you are using Sparc architectures.

3) Rampant hacking would ensue.

As for vulnerability, I believe both FreeBSD and Linux have fixes
available.

Cheers,

Neil

P.S. Next time this kind of bug crops up, expect exploits to be
available much more quickly - modifying an exploit for syslog()
would be extremely straightforward :-|

--
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way,
M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.

     ...like a badger with an afro throwing sparklers at the Pope...



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]