Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?
From: Mats Erik Andersson
Subject: Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?
Date: Sat, 18 Oct 2014 00:36:41 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

Hello again,
On Wednesday, 8 October 2014 at 09:41, Mats Erik Andersson wrote:
> On Friday, 3 October 2014 at 19:51, Guillem Jover wrote:
> > Hi!
> >
> > I just stumbled over this on <http://seclists.org/oss-sec/2014/q4/79>,
> > and from a cursory glance it appears as if inetutils' syslogd is also
> > vulnerable? There's a patch there that seems would apply w/o much
> > effort.
>
> I have begun an analysis, in fact I intended to perform a review
> already earlier since there seemed to be another obscurity related
> to facility decoding.
The very needed changes have just been pushed; they resist threats as
reported in the referenced CVE-2014-3634 and add test cases to
demonstrate that kind of capability.
Regards,
Mats E A