On Tue, 17 Nov 1998, Martin Schulze wrote:

> I'm the co-maintainer of the Linux sysklogd package which contains the
> klogd program for which a buffer overrun has been reported last week.
>
> First of all I'd like to complain about two things:
>
> a) The reports weren't made against the current version of the
>    package. The source for it is well known on sunsite.unc.edu as
>    well as various mirrors.

The reported vulnerability is present in most of the recent Linux distributions, including RH 5.x and Slackware 3.x, as stated in the original post. I reported the vulnerability in these distributions.

> I dare to say, but this bug was fixed *two* years ago:

Heh, see above. The problem is reproducible at least on RH/Slackware distributions with the latest sysklogd packages. If this problem has been fixed two years ago - huh, vendors are dumb, or no one even heard about last two years...

_______________________________________________________________________
Michal Zalewski [lcamtufat_private] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
To iterate is human, to execute recursively - divine [P. Deutsch]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:44 PDT