|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SunOS syslog() fix, finally...
Jay 'Whip' Grizzard (elfchief
LUPINE.ORG)Fri, 3 Nov 1995 12:13:42 -0800
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Scott Barman: "Re: a point is being missed"
- Previous message: Paul Leyland: "Linux and DEC patches available for CA-95:14 Telnetd Vulnerability"
- Next in thread: Casper Dik: "Re: SunOS syslog() fix, finally..."
Looks like SUN finally got their libc patch out to fix the syslog() bug --
On sunsolve1.sun.com there is /pub/patches/102545-03.tar.Z, which
is the int'l version of the SunOS 4.1.4 patch, which has in its README,
among other things:
Problem Description:
1220511 --> mktime() doesn't care leap year.
1222421 --> Patch 102545-02 changed clnt_udp.o but should not.
1190985 --> gethostbyname() can trash an existing open file descriptor.
1197137 --> NFS server crashed w/ "Panic: Bad Trap" when NFS client
do a "find" over T1 link.
1182835 --> portmapper silently fails with version mismatch by PC-NFS client.
1219835 --> Syslog(3) can be abused to gain root access on 4.X systems
There is also a 4.1.3_U1 int'l libc jumbo patch (101558-07) that also
claims to fix the bug. Off the top of my head, though, I don't see a
domestic version of the patch -- It should be simple enough to extract
syslog.o from one and drop it in your existing libraries, though... I'm
going to give it a shot later and see what I see.
-WW
- Next message: Scott Barman: "Re: a point is being missed"
- Previous message: Paul Leyland: "Linux and DEC patches available for CA-95:14 Telnetd Vulnerability"
- Next in thread: Casper Dik: "Re: SunOS syslog() fix, finally..."