On Wed, Nov 11, 1998 at 11:12:09AM -0500, Neil Bright wrote:
> Michal Zalewski wrote the following:
>
> > Good morning,
> >
> > This time - buffer overflow in Linux klogd daemon from sysklogd-1.3
> > package (up to release 22 - affects Red Hat 5.x and Slackware 3.x, no data
> > about other distributions).
>
> [snip]
>
> This does appear to affect a (fairly) stock RH5.2 box also. In my test,
> the supplied module code did cause klogd to die...
>
> Relevant RPMS:
> sysklogd-1.3-25
> kernel-2.0.36-0.7 (stock, no kernel rebuild)

Same on Slackware 3.4 (kernel updated to 2.0.35).

[root@koek] ~# klogd -v
klogd 1.3-0

But attaching gdb to klogd shows that the character the buffer is filled with
only appears in eax and even there only in the lowest 8 bits..

Is this still exploitable?

Greetz, Peter.
-- 
'I guess anybody who walks away from a root shell at   : Peter van Dijk
 a nerd party gets what they deserve!' -- BillSF       : peterat_privatenl
finger hardbeat@flits104-161.flits.rug.nl for my public PGP-key