Bugtraq
mailing list archives
Re: syslogd fun
From: troy () AUSTIN IBM COM (Bollinger)
Date: Thu, 28 Aug 1997 18:19:57 -0500
Yuri Volobuev wrote:
> AIX [is] not so fortunate. It's on and can't be turned off in any obvious
> way, other than killing syslogd.
The IBM-ERS team pointed this out to us earlier and we're currently in
the build and test phase for the following APARs:
Abstract: "SECURITY: syslog denial-of-service vulnerability"
APAR 4.1: IX70659
APAR 4.2: IX70660
There's a temporary fix available via anonymous ftp from:
ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z
The AIX fix will include a new "-r" option that will turn off remote
message logging. (Note that by default, remote messages will still be
accepted. The AIX "-r" option is backward from the way that the Linux
syslogd works.)
[ it's sure nice that Aleph's back from vacation... ;-) ]
- --
+---------------- Opinions are my own -------------------+
|Troy Bollinger | 92CBR600F2|
|AIX Security Development | troy () austin ibm com|
+----------------------------------------------------------+
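The message above notes that "-r" on the fixed AIX syslogd turns remote logging off, the reverse of Linux. As an added example (not part of the original post, and not IBM's code), here is a small audit helper for a mixed fleet that interprets a recorded syslogd command line per platform. The function names are hypothetical; it assumes the patched AIX syslogd described in the post, a Linux sysklogd where "-r" enables reception, and that only "-f" and "-m" take a value.

```shell
#!/bin/sh
# Added example: decide from a recorded syslogd command line whether the
# daemon accepts remote messages. Assumptions are labelled below.

# has_r_flag ARGS... : succeeds if -r is present, alone or clustered (-dr).
# Assumption: only -f and -m take a value, so the token after them is skipped.
has_r_flag() {
    skip=0
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            -f|-m)   skip=1 ;;      # next token is a value, not a flag
            -f*|-m*) ;;             # value attached to the option, e.g. -m0
            -*r*)    return 0 ;;    # -r present
        esac
    done
    return 1
}

# accepts_remote OS ARGS... : prints "yes" or "no"; returns 2 on unknown OS.
#   aix   = patched AIX syslogd from the post: remote accepted unless -r
#   linux = sysklogd (assumed): remote accepted only with -r
accepts_remote() {
    os=$1; shift
    case "$os" in
        aix)   if has_r_flag "$@"; then echo no;  else echo yes; fi ;;
        linux) if has_r_flag "$@"; then echo yes; else echo no;  fi ;;
        *)     echo "unknown OS: $os" >&2; return 2 ;;
    esac
}

# Constructed sample inventory: "<os> <syslogd arguments>" per line.
while read -r os args; do
    [ -n "$os" ] || continue
    # shellcheck disable=SC2086  # word splitting of $args is intended
    printf '%-6s %-12s remote=%s\n' "$os" "${args:-(none)}" \
        "$(accepts_remote "$os" $args)"
done <<'EOF'
aix
aix -r
linux -m 0
linux -r -m 0
EOF
```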