Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Wed, 13 Sep 1995 18:55:10 +0100



3) Rampant hacking would ensue.

As for vulnerability, I believe both FreeBSD and Linux have fixes
available.

libc4.7.2 fixed it in May.

Hmm I cant find any libc4.7.2 for FreeBSD, so I'm a confused as to
which libc you mean.

I had assumed that their fix and log in the
libc was what had sparked the alert..

First I've heard of libc4.7.2; but given that it was fixed in there in May,
was anyone else alerted to the presence of a bug so that other OS's could
be checked?

ah well wrong again 8)

Alan

P.S. Next time this kind of bug crops up, expect exploits to be
available much more quickly - modifying an exploit for syslog()
would be extremely straightforward :-|

PS: Have a look at the source code of tin very carefully in that case.

why?


--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          |



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]