|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: klogd format bug
From: Carlos Eduardo Gorges (carlos
TECHLINUX.COM.BR)Date: Mon Sep 18 2000 - 12:15:08 CDT
- Next message: Markus Kern: "Re: Double clicking on MS Office documents from Windows Explorer mayexecute arbitrary programs in some cases"
- Previous message: Steube, Jens: "Horde library Bug part 2"
- In reply to: Jouko Pynnönen: "klogd format bug"
- Reply: Carlos Eduardo Gorges: "Re: klogd format bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Em seg, 18 set 2000, Jouko Pynnönen escreveu:
> OVERVIEW
>
> Kernel logging daemon klogd in the sysklogd package for Linux contains a
> "format bug" making it vulnerable to local root compromise (successfully
> tested on Linux/x86). There's also a possibility for remote vulnerability
> under certain (rather unprobable) circumstances and a more probable
> semi-remote exploitableness with knfsd.
>
The patch.
-- _________________________ Carlos E Gorges (carlos
- application/octet-stream attachment: sysklogd-1.3-31-formatbug.diff.bz2
- Next message: Markus Kern: "Re: Double clicking on MS Office documents from Windows Explorer mayexecute arbitrary programs in some cases"
- Previous message: Steube, Jens: "Horde library Bug part 2"
- In reply to: Jouko Pynnönen: "klogd format bug"
- Reply: Carlos Eduardo Gorges: "Re: klogd format bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]