On Tue, 17 Nov 1998, Martin Schulze wrote:
> I'm the co-maintainer of the Linux sysklogd package which contains the
> klogd program for which a buffer overrun has been reported last week.
>
> First of all I'd like to complain about two things:
>
> a) The reports weren't made against the current version of the
> package. The source for it is well known on sunsite.unc.edu as
> well as various mirrors.
Reported vunerability is present in most of recent Linux distributions,
including RH 5.x and Slackware 3.x, as stated in original post. I reported
vunerability in these distributions.
> I dare to say, but this bug was fixed *two* years ago:
Heh, see above. Problem is reproductible at least on RH/Slackware
distributions with latest sysklogd packages. If this problem has been
fixed two years ago - huh, vendors are dumb, or noone even heard about
last two years...
_______________________________________________________________________
Michal Zalewski [lcamtufat_private] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:44 PDT