syslog/udp
Tim Newsham (newsham@uhunix.uhcc.hawaii.edu)
Sun, 20 Feb 94 12:12:10 HST
- Next message: Dave Hayes: "Re: syslog/udp"
- Previous message: Rob McCool: "HTTP, CGI, and security"
- Next in thread: Dave Hayes: "Re: syslog/udp"
Hi,
If you are running syslogd on your machine and you don't receive
remote logging to that machine, you should probably consider removing
the remote function of the program. Besides being another possible
security risk, a person may easily corrupt your audit logs through
this port. It is quite easy to send fake messages to the syslogd
at any facility and level. An easy way to fix this would probably
be to change the line:

    int nfds, readfds = FDMASK(funix) | inetm | klogm;

to

    int nfds, readfds = FDMASK(funix) | klogm;

This will keep the inet socket from ever getting selected and read.
I have not tested this, however. An access control list would
do no good here since the packets are UDP and source address is
quite easy to forge.
Tim N.
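
The effect of the mask change described in the message above, as an added example that is not part of the original post or of the syslogd source. It assumes a modern `fd_set` in place of the original `int` bitmask, a loopback UDP socket on an ephemeral port in place of 514/udp, and a hypothetical function name `inet_socket_selected`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if select() reports the UDP socket readable, 0 if it does not,
 * -1 on error. include_inet = 1 models keeping inetm in readfds, 0 models
 * dropping it. *queued gets the bytes still waiting on the UDP socket. */
int inet_socket_selected(int include_inet, int *queued)
{
    int local[2] = { -1, -1 }, inet_fd, tx, maxfd, result = -1;
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    struct timeval tv = { 0, 200000 };             /* 200 ms select timeout */
    fd_set readfds;

    inet_fd = socket(AF_INET, SOCK_DGRAM, 0);      /* stand-in for the inet socket */
    tx = socket(AF_INET, SOCK_DGRAM, 0);           /* stand-in for a remote sender */
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: ephemeral, not 514 */
    if (inet_fd < 0 || tx < 0 ||
        socketpair(AF_UNIX, SOCK_DGRAM, 0, local) < 0 ||  /* stand-in for funix */
        bind(inet_fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(inet_fd, (struct sockaddr *)&addr, &len) < 0 ||
        sendto(tx, "<13>remote", 10, 0, (struct sockaddr *)&addr, sizeof(addr)) != 10)
        goto out;                                  /* constructed sample datagram */

    FD_ZERO(&readfds);
    FD_SET(local[0], &readfds);                    /* idle local socket */
    if (include_inet)
        FD_SET(inet_fd, &readfds);
    maxfd = local[0] > inet_fd ? local[0] : inet_fd;
    if (select(maxfd + 1, &readfds, NULL, NULL, &tv) < 0)
        goto out;
    result = FD_ISSET(inet_fd, &readfds) ? 1 : 0;
    /* The kernel queued the datagram whether or not select() watched the fd. */
    if (ioctl(inet_fd, FIONREAD, queued) < 0)
        result = -1;
out:
    if (local[0] >= 0) { close(local[0]); close(local[1]); }
    if (inet_fd >= 0) close(inet_fd);
    if (tx >= 0) close(tx);
    return result;
}
```

With the inet descriptor left out of the set, the datagram is never reported or read, but `queued` is still non-zero: the port remains bound and the kernel keeps buffering packets until the socket's receive buffer fills. Not opening the socket at all avoids that.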