Vulnerability Development mailing list archives

Re: Possible syslogd DoS ?
From: Tim Walberg <twalberg () mindspring com>
Date: Fri, 5 Oct 2001 12:33:26 -0500

On 10/05/2001 11:28 -0500, H D Moore wrote:
     Are you sure that /dev/urandom will never return a string with %[snpfdn] etc? 
     Your exploit may be exploitable ;)
     
     On Friday 05 October 2001 12:19 am, Petr Baudis wrote:
     >
     >   for(;;)
     >   {
     >     fgets(buffer, sizeof(buffer), fp);
     >     syslog(0, buffer);
     >   }
     
     Fix: syslog(0, "%s", buffer);
     
     -- 
     H D Moore
     http://www.digitaldefense.net - work
     http://www.digitaloffense.net - play
End of included message

Another fix, although the point of the program
is well demonstrated without it:

for(;;)
{
  fgets(buffer, sizeof(buffer), fp);
  buffer[1023] = 0;
  syslog(0, "%s", buffer);
}




-- 
twalberg () mindspring com
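
The fix discussed in this thread, as an added example that is not part of the original messages: untrusted text is passed to syslog() as an argument to a constant "%s" format, so conversion specifiers in the data are logged literally. The names render_as_data, log_lines and make_sample are hypothetical, the sample input is constructed, and the line limit and the check of fgets()'s return value are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Render untrusted text the way syslog(pri, "%s", text) formats it:
 * as an argument, never as the format. Returns snprintf's result. */
int render_as_data(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

/* Hypothetical helper: log at most max_lines lines from fp as data.
 * Stops on EOF or read error instead of re-logging a stale buffer. */
size_t log_lines(FILE *fp, int priority, size_t max_lines)
{
    char buffer[1024];
    size_t logged = 0;

    while (logged < max_lines && fgets(buffer, sizeof(buffer), fp) != NULL) {
        buffer[strcspn(buffer, "\n")] = '\0';  /* drop trailing newline */
        syslog(priority, "%s", buffer);         /* constant format string */
        logged++;
    }
    return logged;
}

/* Constructed sample input: three lines, two containing '%' sequences. */
FILE *make_sample(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputs("plain line\n%s%s%n in the data\n100%% literal\n", fp);
        rewind(fp);
    }
    return fp;
}

int main(void)
{
    char out[64];
    FILE *fp = make_sample();

    if (fp == NULL) return 1;
    printf("logged %zu lines\n", log_lines(fp, LOG_INFO, 10));
    fclose(fp);
    render_as_data(out, sizeof(out), "%s%s%n");
    printf("rendered: %s\n", out);
    return 0;
}
```

Compiling with gcc -Wformat -Wformat-security flags the unfixed call form syslog(0, buffer), where the format is not a string literal and no arguments follow.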
