Re: syslogd security bug?
From: Nicolas Rachinsky (list@rachinsky.de)
Date: 04/29/02
- Next message: Crist J. Clark: "Re: Stateful IPFW Firewall Assistance"
- Previous message: mike: "mailing list"
- In reply to: Piotr Wiejaczka: "syslogd security bug?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Apr 2002 23:49:00 +0200 From: Nicolas Rachinsky <list@rachinsky.de> To: freebsd-security@FreeBSD.ORG
* Piotr Wiejaczka <wiejak@alpha.net.pl> [2002-04-29 23:39:44 +0200]:
> Hi all.
>
> %uname -a
> FreeBSD localhost 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Mar 12 08:20:11 CET
> 2002 root@:/usr/src/sys/compile/OKO2 i386
>
> %cat syslog.c
> #include <syslog.h>
> #include <stdarg.h>
>
> int main(int argc, char *argv[])
> {
> syslog(LOG_EMERG, argv[1]);
> }
>
> %./syslog "blah %x %x %x %x"
>
> Message from syslogd@localhost at Mon Apr 29 23:27:35 2002 ...
> localhost syslog: blah 2807aebe 2 bfbffc5c bfbffd26
>
>
> Looks like we have a format string bug inside syslogd :)
man 3 syslog
I think this is the intended behaviour, the format string bug is in
your program.
Nicolas
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Crist J. Clark: "Re: Stateful IPFW Firewall Assistance"
- Previous message: mike: "mailing list"
- In reply to: Piotr Wiejaczka: "syslogd security bug?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
