Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995


From: perry () piermont com (Perry E. Metzger)
Date: Wed, 30 Aug 1995 01:34:13 -0400


"Rob J. Nauta" writes:
> [8LGM] Security Team dared to write:
>
>>                [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
>> REPEAT BY:
>>        We have written an example exploit to overwrite syslog(3)'s
>>        internal buffer using SunOS sendmail(8).  However due to the
>>        severity of this problem, this code will not be made available
>>        to anyone at this time.  Please note that the exploit was fairly
>>        straightforward to put together, therefore expect exploits to be
>>        widely available soon after the release of this advisory.
>
> If it's so straightforward, let's have it !

The report gave me more than enough information to figure out
precisely how to do what was stated. It was full disclosure from my
perspective. He told you exactly what your vulnerability is -- if you
can get syslog(3) to fandango on its stack, you can get it to execute
arbitrary code.

I managed to fix the problem without any further information. See my
patch of this morning.

> I want to check my linux and my ISP's FreeBSD. Bugtraq is FULL
> DISCLOSURE !! So, please post source/ scripts now !

I don't see that you need an exploit script to check this. Simply
checking your implementation of syslog(3) is enough. If you can't read
C source code, well, sorry.

Perry
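
What to look for when reading a syslog(3) implementation, as an added example that is not part of the original message and is not the patch mentioned in it: message text formatted into a fixed-size buffer without a length limit, shown beside a bounded form. The names `format_unbounded`, `format_bounded` and `LOG_BUF` are hypothetical, and the buffer size is an assumption.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 1024   /* assumed size; real implementations differ */

/* The pattern to look for: caller-supplied text expanded into a fixed
 * buffer with no limit. Shown for comparison only; never called here. */
void format_unbounded(char *out, const char *fmt, va_list ap)
{
    vsprintf(out, fmt, ap);   /* writes past out[] when the result is longer */
}

/* Bounded form: writes at most outlen bytes, always NUL-terminates, and
 * reports truncation so the caller can note it in the log.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_bounded(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (n < 0) {              /* encoding or format error */
        out[0] = '\0';
        return -1;
    }
    return (size_t)n >= outlen ? 1 : 0;
}

int main(void)
{
    char line[LOG_BUF];
    /* constructed sample values, not taken from a real log */
    int rc = format_bounded(line, sizeof line, "<%d>%s: %s",
                            22, "sendmail", "constructed sample message");
    printf("%d %s\n", rc, line);
    return 0;
}
```

When auditing, every write into the message buffer matters, including the priority, timestamp and tag prefix, not only the final expansion of the caller's format string.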


