Re: Possible syslogd DoS ?

From: Tim Walberg (twalbergat_private)
Date: Fri Oct 05 2001 - 10:33:26 PDT


    On 10/05/2001 11:28 -0500, H D Moore wrote:
    >>	Are you sure that /dev/urandom will never return a string with %[snpfdn] etc? 
    >>	Your exploit may be exploitable ;)
    >>	
    >>	On Friday 05 October 2001 12:19 am, Petr Baudis wrote:
    >>	>
    >>	>   for(;;)
    >>	>   {
    >>	>     fgets(buffer, sizeof(buffer), fp);
    >>	>     syslog(0, buffer);
    >>	>   }
    >>	
    >>	Fix: syslog(0, "%s", buffer);
    >>	
    >>	-- 
    >>	H D Moore
    >>	http://www.digitaldefense.net - work
    >>	http://www.digitaloffense.net - play
    End of included message
    
    Another fix, although the point of the program
    is well demonstrated without it:
    
    for(;;)
    {
      fgets(buffer, sizeof(buffer), fp);
      buffer[1023] = 0;
      syslog(0, "%s", buffer);
    }
    
    
    
    
    -- 
    twalbergat_private
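
Added example, not part of the original message or of any poster's code: a hardened form of the loop discussed in this thread, which checks the return value of fgets(), passes the input to syslog() as data behind a constant "%s" format, and counts lines that would have been interpreted as conversions had they been used as the format string. The names log_stream and count_conversions and the LOG_INFO priority are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count conversion introducers a printf-style function would act on
 * if s were used as the format string. "%%" is a literal percent. */
static size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')       /* '%' followed by anything else */
            n++;
    }
    return n;
}

/* Log every line of fp as data. Returns the number of lines logged and
 * stores in *risky how many of them contained conversion specifiers. */
size_t log_stream(FILE *fp, int priority, size_t *risky)
{
    char buffer[1024];
    size_t lines = 0;

    *risky = 0;
    /* fgets() NUL-terminates on success; stop on EOF or read error
     * instead of logging a stale buffer. */
    while (fgets(buffer, sizeof buffer, fp) != NULL) {
        buffer[strcspn(buffer, "\n")] = '\0';   /* drop trailing newline */
        if (count_conversions(buffer) > 0)
            (*risky)++;
        syslog(priority, "%s", buffer);         /* input is an argument, never the format */
        lines++;
    }
    return lines;
}

int main(void)
{
    size_t risky;
    size_t lines = log_stream(stdin, LOG_INFO, &risky);
    printf("%zu lines logged, %zu contained conversion specifiers\n", lines, risky);
    return 0;
}
```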
    
    
    


