Re: Responses to syslogd killing

Zack Weinberg (zack@RABI.PHYS.COLUMBIA.EDU)
Tue, 21 Oct 1997 17:25:44 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Secure Networks Inc.: "SNI-20: Telnetd tgetent vulnerability"
Previous message: Secure Networks Inc.: "SNI-19: BSD lpd vulnerabilities (UPDATE)"
Maybe in reply to: lb: "Responses to syslogd killing"

On Tue, 21 Oct 1997 14:45:01 -0400, lb wrote:
> Also, alot of people are under the impression that this has nothing
>to do with DNS. I tried it many times to make sure, because it seemed
>exploitable to me.. I would watch the syslog message come in, watch
>the DNS query go out, and then watch syslogd die. If I inserted a DNS
>entry for the IP in question, syslogd would query and work fine.. if I
>removed the DNS entry again, syslogd would crash. Perhaps you're right..
>but I'll stick to my assumption. hoho.

I have encountered this bug too. It can crop up in benign situations
such as when you have an HP network printer with no name configured to
do network logging. In this case it suffices to add an entry to
/etc/hosts to prevent the bug -- probably the code neglects to check
the return value of gethostbyaddr().

Next message: Secure Networks Inc.: "SNI-20: Telnetd tgetent vulnerability"
Previous message: Secure Networks Inc.: "SNI-19: BSD lpd vulnerabilities (UPDATE)"
Maybe in reply to: lb: "Responses to syslogd killing"