Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: scorp () un kiev ua (Slava Kritov)
Date: Tue, 5 Sep 1995 14:26:49 +0300

Hi !

has anyone bothered to check IRIX, OSF, etc. etc. etc. ?

I've already posted some testing of FreeBSD & OSF 3.2 ( Digital Unix ) in
certain security-related newsgroups, so sorry for dupes all who had read
that already.

Tests shows that
a) FreeBSD - max buffer size ~ 1700, the calling program
coredumps on 11. Although this is NOT the major problem, since sendmail
by itself ( at least 8.6.12 ) conducts extensive tests on values fed in
thus making this direction of attacks highly unprobable.
b) Dec Alpha AXP 2100 OSF 3.2 ( Digital Unix from now & forever :) -
max buffer size ~1600, silently ignores longer messages, no malfunctions
/ posteffects detected

I'd like to see some sort of a robust test for the freaking
thing that wasn't platform dependent, or at least had good
assurance of adressing the problem.

Why not, that base program that was posted doesn't require modifications
to run on my platforms ( Dec, PC ).
I actually added a short loop incrementing the length of the buffer in
100 bytes chunks.
The only thing you should check is the log level - some syslogd's have
certain levels disabled/specifically configured etc.

just my whacky perceptions... Really neither here nor there.

The only person you can trust in this world is yourself ....
Maybe ...

tfs () vampire science gmu edu (NeXTmail, MIME)  Tim Scanlon
[flames off]
This should partially explain the dark mood of the author ;)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]