[prev in list] [next in list] [prev in thread] [next in thread] 

List:       best-of-security
Subject:    patch to latest 8lgm exploit posted
From:       Julian Assange <proff () suburbia ! net>
Date:       1995-08-29 11:22:50
[Download RAW message or body]

Forwarded message:
>From firewalls-owner@GreatCircle.COM Tue Aug 29 20:03:06 1995
Date: Tue, 29 Aug 1995 05:24:36 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Message-Id: <199508290924.FAA19073@frankenstein.piermont.com>
To: firewalls@greatcircle.com
Subject: patch to latest 8lgm exploit posted
Reply-to: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk


I posted a patch to the bugtraq mailing list that (hopefully) fixes
the latest 8lgm security vulnerability, which potentially allows
anyone on the net to break in via any daemon that uses
syslog. Unfortunately, my patch only works on 4.4lite BSD machines
such as NetBSD, BSDI, and FreeBSD. I have no sources available on
other platforms with which to fix the problem. Luckily, the only real
problem in porting the patch, if you have sources to your operating
system, should be finding an snprintf(3) for those platforms that lack
it (such as Suns).

Yet another reason to be running OSes to which you have source. :-)

Why am I telling firewalls? Because you can break in through most
firewalls using this technique -- it can be used to attack sendmail
daemons that you don't have direct access to by sending mail to them.

Perry


-- 
+----------------------------------+-----------------------------------------+
|          Julian Assange          | "if you think the United  States has    |
|                                  |  has stood still, who built the largest |
|        proff@suburbia.net        |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+

[prev in list] [next in list] [prev in thread] [next in thread]