Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999-q4

Bugtraq Archives: DoS with sysklogd, glibc (Caldera)

DoS with sysklogd, glibc (Caldera)

Alfred Huger (ahSECURITYFOCUS.COM)
Mon, 22 Nov 1999 09:08:08 -0800

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Ussr Labs: "Re: WordPad/riched20.dll buffer overflow"
Previous message: Georgi Guninski: "IE 5.0 XML HTTP redirect problems"
Next in thread: Balazs Scheidler: "Re: DoS with sysklogd, glibc (Caldera)"
Reply: Balazs Scheidler: "Re: DoS with sysklogd, glibc (Caldera)"

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
Caldera Systems, Inc. Security Advisory

Subject: DoS with sysklogd, glibc
Advisory number: CSSA-1999-035.0
Issue date: 1999 November, 17
Cross reference:
______________________________________________________________________________

1. Problem Description

On Linux, most services do not log informational or error messages
to their own files, but use the system log daemon, syslogd, for this.

   Unfortunately, the current syslogd has a problem by which any
   user on the local host can mount a denial of service attack that
   effectively stops all logging. Since all programs that want to send
   logging information to syslogd block until they're able to establish
   a connection to syslogd, this will make programs such as login, su,
   sendmail, telnetd, etc hang indefinitely.

2. Vulnerable Versions

Systems : previous to COL 2.3
Packages: previous to sysklogd-1.3.31-4

3. Solutions

Workaround: none

The proper solution is to upgrade to the latest packages

rpm -U sysklogd-1.3.31-4.i386.rpm

** Make sure to reboot the machine after installing the fixed RPM. **

4. Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS

5. Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -U sysklogd-1.3.31-4.i386.rpm

6. Verification

a3a5aba891db83dbb0e31b01879011ac RPMS/sysklogd-1.3.31-4.i386.rpm
2bdf1431d3a487ee15e2323d61da2366 SRPMS/sysklogd-1.3.31-4.src.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 5074

Caldera wishes to thank Alex Kuznetisov, Alan Cox, and Bill
Nottingham (the latter two of RedHat, Inc.) for their cooperation.

8. Disclaimer
   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBODLqhun+9R4958LpAQGJhAP/QNQN3DZZuDOuJFAsTmZNpQ36L28xhfvm
Ki2P3ILnVFKrfsYELP3c0HZmFI3JsLBC0F9HXBAnIbNo+SiMLounIwimT0oXaX62
OeTrqFqBVhCQAfXdD1ab2+Pp+/j1kBtRY8tYag7v6qmXoruj9i1lBcPtG35MiegZ
ZDJmuOBgFxg=
=b4rp
-----END PGP SIGNATURE-----

Next message: Ussr Labs: "Re: WordPad/riched20.dll buffer overflow"
Previous message: Georgi Guninski: "IE 5.0 XML HTTP redirect problems"
Next in thread: Balazs Scheidler: "Re: DoS with sysklogd, glibc (Caldera)"
Reply: Balazs Scheidler: "Re: DoS with sysklogd, glibc (Caldera)"

This archive was generated by hypermail 2.0b3 on Mon Nov 22 1999 - 13:38:01 CST