Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Wed, 13 Sep 1995 18:55:10 +0100

3) Rampant hacking would ensue.

As for vulnerability, I believe both FreeBSD and Linux have fixes

libc4.7.2 fixed it in May.

Hmm I cant find any libc4.7.2 for FreeBSD, so I'm a confused as to
which libc you mean.

I had assumed that their fix and log in the
libc was what had sparked the alert..

First I've heard of libc4.7.2; but given that it was fixed in there in May,
was anyone else alerted to the presence of a bug so that other OS's could
be checked?

ah well wrong again 8)


P.S. Next time this kind of bug crops up, expect exploits to be
available much more quickly - modifying an exploit for syslog()
would be extremely straightforward :-|

PS: Have a look at the source code of tin very carefully in that case.


Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]