breeze/inetutils
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/inetutils.git synced 2026-01-12 00:19:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bsd-lite1
inetutils/syslogd
History
Miles Bader 6dca2093d7 4.4BSD-Lite distribution
1997-03-01 16:17:24 +00:00
..
.cvsignore
Build maintenance
2001-05-08 05:41:15 +00:00
Makefile.am
2009-04-30 Alfred M. Szmidt <ams@gnu.org>
2009-04-30 11:02:11 +00:00
README.sec
updates.
1999-04-18 00:12:47 +00:00
syslog.conf.5
4.4BSD-Lite distribution
1997-03-01 16:17:24 +00:00
syslogd.8
4.4BSD-Lite distribution
1997-03-01 16:17:24 +00:00
syslogd.c
4.4BSD-Lite distribution
1997-03-01 16:17:24 +00:00

README.sec 

CERT* Advisory CA-95.13

Original issue date: October 19, 1995
Last revised: September 23, 1997 
Updated copyright statement 

Description

The syslog(3) subroutine uses an internal buffer for building messages 
that are sent to the syslogd(8) daemon. This subroutine does no range 
checking on data stored in this buffer. It is possible to overflow the 
internal buffer and rewrite the subroutine call stack. It is then 
possible to execute arbitrary programs. 

This problem is present in virtually all versions of the UNIX Operating 
System except the following: 


	Sony's NEWS-OS 6.X
		SunOS 5.5 (Solaris 2.5)
    	Linux with libc version 4.7.2 released in May, 1995 


	The sendmail(8) program uses the syslog(3) subroutine, and a script has 
	been written and is being used to exploit the vulnerability.