Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?

From:	Mats Erik Andersson
Subject:	Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?
Date:	Sat, 18 Oct 2014 00:36:41 +0200
User-agent:	Mutt/1.5.18 (2008-05-17)

Hello again,

onsdag den  8 oktober 2014 klockan 09:41 skrev Mats Erik Andersson detta:
> fredag den  3 oktober 2014 klockan 19:51 skrev Guillem Jover detta:
> > Hi!
> > 
> > I just stumbled over this on <http://seclists.org/oss-sec/2014/q4/79>,
> > and from a cursory glance it appears as if inetutils' syslogd is also
> > vulnerable? There's a patch there that seems would apply w/o much
> > effort.
> 
> I have begun an analysis, in fact I intended to perform a review
> already earlier since there seemed to be another obscurity related
> to facility decoding.

The very needed changes have just been pushed, they resist threats as
reported in the referenced CVE-2014-3634 and add test cases to demon-
strate that kinf of capability.

Regards,
  Mats E A

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-inetutils] syslogd vulnerable to CVE-2014-3634?, Guillem Jover, 2014/10/03
- Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?, Mats Erik Andersson, 2014/10/08
  - Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?, Mats Erik Andersson <=

Prev by Date: Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?
Previous by thread: Re: [bug-inetutils] syslogd vulnerable to CVE-2014-3634?
Index(es):
- Date
- Thread