Vulnerability Development: Re: Possible syslogd DoS ?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Possible syslogd DoS ?

From: H D Moore <hdm () secureaustin com>
Date: Fri, 5 Oct 2001 11:28:39 -0500

Are you sure tha /dev/urandom will never return a string with %[snpfdn] etc? 
Your exploit may be exploitable ;)

On Friday 05 October 2001 12:19 am, Petr Baudis wrote:


  for(;;)
  {
    fgets(buffer, sizeof(buffer), fp);
    syslog(0, buffer);
  }


Fix: syslog(0, "%s", buffer);

-- 
H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net - play

By Date By Thread

Current thread:

Re: Possible syslogd DoS ?, (continued)
- Re: Possible syslogd DoS ? Crist J. Clark (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
  - Re: Possible syslogd DoS ? Petr Baudis (Oct 04)
  - Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
    - Re: Possible syslogd DoS ? H D Moore (Oct 05)
    - Re: Possible syslogd DoS ? Tim Walberg (Oct 05)
    - Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
    - AnalogX Proxy SMTP server relay Claymore (Oct 05)
    - Re: AnalogX Proxy SMTP server relay Joe Stewart (Oct 06)
- Re: Possible syslogd DoS ? Pavel Kankovsky (Oct 04)