|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: syslogd fun
Bollinger (troy
AUSTIN.IBM.COM)Thu, 28 Aug 1997 18:19:57 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Andrew McNaughton: "Mac MSIE 3.0 file overwrite."
- Previous message: Yuri Volobuev: "Re: syslogd fun (erratum)"
- In reply to: Yuri Volobuev: "syslogd fun"
-----BEGIN PGP SIGNED MESSAGE----- Yuri Volobuev wrote: > > AIX [is] > not so fortunate. It's on and can't be turned off in any obvious way, other > than killing syslogd. > The IBM-ERS team pointed this out to us earlier and we're currently in the build and test phase for the following APARs: Abstract: "SECURITY: syslog denial-of-service vulnerability" APAR 4.1: IX70659 APAR 4.2: IX70660 There's a temporary fix available via anonymous ftp from: ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z The AIX fix will include a new "-r" option that will turn off remote message logging. (Note that by default, remote messages will still be accepted. The AIX "-r" option is backward from the way that the Linux syslogd works.) [ it's sure nice that Aleph's back from vacation... ;-) ] - -- +---------------- Opinions are my own -------------------+ |Troy Bollinger | 92CBR600F2| |AIX Security Development | troy
- Next message: Andrew McNaughton: "Mac MSIE 3.0 file overwrite."
- Previous message: Yuri Volobuev: "Re: syslogd fun (erratum)"
- In reply to: Yuri Volobuev: "syslogd fun"