From: paul () argo demon co uk (Paul Ashton)
Date: Mon, 18 Sep 1995 23:03:00 BST

Sun definitely know about this bug and are dealing with it, though
not very quickly. A patch will be announced in due course. If you
wish to raise a bug report yourself simply email a copy of the program
that was sent on bugtraq earlier containing a call to syslog() that
creates a core dump. It is not necessary to reproduce the security
hole in order to request a patch. Also, it is worth noting that the
syslog fix will not fix all problems with sendmail, as I have been able
to core dump sendmail with several other stack overwrites even after
disabling syslog() altogether.
The hole has nothing at all to do with syslogd, so tell them where to
P.S. If you want any further information, please let me know.