Yuri Volobuev wrote:
>
> AIX [is]
> not so fortunate. It's on and can't be turned off in any obvious way, other
> than killing syslogd.
>
The IBM-ERS team pointed this out to us earlier and we're currently in
the build and test phase for the following APARs:
Abstract: "SECURITY: syslog denial-of-service vulnerability"
APAR 4.1: IX70659
APAR 4.2: IX70660
There's a temporary fix available via anonymous ftp from:
ftp://testcase.software.ibm.com/aix/fromibm/security.syslogd.tar.Z
The AIX fix will include a new "-r" option that will turn off remote
message logging. (Note that by default, remote messages will still be
accepted. The AIX "-r" option is backward from the way that the Linux
syslogd works.)
[ it's sure nice that Aleph's back from vacation... ;-) ]
- --
+---------------- Opinions are my own -------------------+
|Troy Bollinger | 92CBR600F2|
|AIX Security Development | troy@austin.ibm.com|
+----------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
iQCVAwUBNAYHncjqvEm3eDEpAQE+nQQAu3edXl4CdAFc3y6vuz6EPtVIBf9pnrX8
aUIH5PWg7FD7p3JqCX22fKjZgw80XvxMqCARwXPMbehFTcTonNp8tq4cqsf6bHEm
Httume7RE1c2NjX8NAaLjxdjotbiy3ngetFtpApCztXFWLOslWcYInUjMSS2OHGE
NQ6hQqYRQe8=
=RumK
-----END PGP SIGNATURE-----