[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?

From: Mats Erik Andersson
Subject: Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?
Date: Sat, 18 Oct 2014 00:36:41 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

Hello again,

onsdag den  8 oktober 2014 klockan 09:41 skrev Mats Erik Andersson detta:
> fredag den  3 oktober 2014 klockan 19:51 skrev Guillem Jover detta:
> > Hi!
> > 
> > I just stumbled over this on <http://seclists.org/oss-sec/2014/q4/79>,
> > and from a cursory glance it appears as if inetutils' syslogd is also
> > vulnerable? There's a patch there that seems would apply w/o much
> > effort.
> I have begun an analysis, in fact I intended to perform a review
> already earlier since there seemed to be another obscurity related
> to facility decoding.

The very needed changes have just been pushed, they resist threats as
reported in the referenced CVE-2014-3634 and add test cases to demon-
strate that kinf of capability.

  Mats E A

reply via email to

[Prev in Thread] Current Thread [Next in Thread]