[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: syslogd security ?

From: Marcus Brinkmann
Subject: Re: syslogd security ?
Date: Fri, 24 Nov 2000 12:12:27 +0100
User-agent: Mutt/1.1.4i

On Thu, Nov 23, 2000 at 11:58:36PM -0500, Alain Magloire wrote:
> Good news, cast is off ... ye !!! A few physio workout and I'm
> back rocking.

> Bad news, my machine's been crack.


> I left my machine
> running as a way to test the inetutils tools, ftp rlogin etc ...
> except that I forgot to update inetd and syslogd.  So
> both(ined and syslogd) were the default stock from Red Hat 6.1 (or
> was it 5.2 ???)
> Now I can not confirm is this was a syslogd buffer overflow
> thing or another inetd services ...
> Speculation ?
> In any case excerpt from a syslogd messages:
> ---------------syslogd /var/log/messages ---------------------------
> Nov 20 15:08:12 reliant
> Nov 20 15:08:12 reliant syslogd: Cannot glue message parts together
> Nov 20 15:08:12 reliant 173>Nov 20 15:08:12 rpc.statd[504]: gethostbyname 
> error

That's an old exploit of rpc.statd in the nfs package. Debian has an
announcement from Jul 2000 here:

This has nothing to do with syslogd in particular. It's just that the full
blurb of non-printable is too long to fit in the message buffer, and thus
truncated. Note that our version of syslogd doesn't support multiple message
parts, and will truncate even earlier.

I wouldn't hold my hand in fire for my analysis, but I think it is correct.


`Rhubarb is no Egyptian god.' Debian http://www.debian.org address@hidden
Marcus Brinkmann              GNU    http://www.gnu.org    address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]