Re: klogd 1.3-22 buffer overflow

From: Neil Bright (ncbat_private)
Date: Wed Nov 11 1998 - 08:12:09 PST

Next message: pcsupportat_private: "Re: FoolProof for PC Exploit"

Previous message: Balazs Nagy: "Xinetd /tmp race?"
Next in thread: Peter van Dijk: "Re: klogd 1.3-22 buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

Michal Zalewski wrote the following:

> Good morning,
>
> This time - buffer overflow in Linux klogd daemon from sysklogd-1.3
> package (up to release 22 - affects Red Hat 5.x and Slackware 3.x, no data
> about other distributions).

[snip]

This does appear to affect a (fairly) stock RH5.2 box also.  In my test,
The supplied module code did cause klogd to die...

Relevant RPMS:
  sysklogd-1.3-25
  kernel-2.0.36-0.7     (stock, no kernel rebuild)

+============ 24 68 BF F6 0E 73 53 47 80 E9 27 7D F9 35 58 4B ============+
 Neil Bright              ncbat_private            IHPCL administrator
 (404) 385-0448                                       College of Computing
 http://www.cc.gatech.edu/projects/ihpcl   Georgia Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNkm3SPYNylcsgopZAQHiTwP/RNlnm5qp6QzDsNdSu7qOXIWautgAtfWE
geiXigHgqMNt9++pMm0Rev8IHI6tFJgIyZi6yFoXEhAlBoDdbCV5tLa50v8xv9mQ
oSEpGSXsuEPRsf4j1mpr+E2QDsB6ePfZSMQfHywugEbTmbxYds4e60f2kY8P7e79
95NsP6yaJns=
=ijNd
-----END PGP SIGNATURE-----

Next message: pcsupportat_private: "Re: FoolProof for PC Exploit"
Previous message: Balazs Nagy: "Xinetd /tmp race?"
Next in thread: Peter van Dijk: "Re: klogd 1.3-22 buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:49 PDT