patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and eventually be the same. For now files are just sitting there. The symlinks are missing.

Discussed on: www (repository location)
Discussed with: simon (so)
-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-96:08                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          syslog vulnerability

Category:       core
Module:         libc
Announced:      1996-04-21
Affects:        FreeBSD 2.0 and 2.0.5
Corrected:      1995-10-15 2.2-current and 2.1.0-release sources
Source:         Generic BSD bug
FreeBSD only:   no

Reference:      CERT CA-95:13.syslog.vul

Patches:        ftp://freebsd.org/pub/CERT/patches/SA-96:08/

=============================================================================

I. Background

A problem was found in the syslog(3) library call that affects
FreeBSD 2.0 and FreeBSD 2.0.5 releases. This problem was
fixed prior to the release of FreeBSD 2.1.

The FreeBSD project is not aware of active exploits of this
vulnerability.

All FreeBSD users are encouraged to upgrade to a version of
FreeBSD with this vulnerability fixed.


II. Problem Description

Bounds checking for syslog error messages was not being
performed properly.


III. Impact

The problem could be exploited to gain unauthorized access to
a system running sendmail.


IV. Solution(s)

Update operating system sources and binaries to FreeBSD 2.1 or
a later release or apply the patches available at the URL
listed at the top of this bulletin and re-install the C library.

=============================================================================
FreeBSD, Inc.

Web Site:                       http://www.freebsd.org/
Confidential contacts:          security-officer@freebsd.org
PGP Key:                        ftp://freebsd.org/pub/CERT/public_key.asc
Security notifications:         security-notifications@freebsd.org
Security public discussion:     security@freebsd.org

Notice: Any patches in this document may not apply cleanly due to
modifications caused by digital signature or mailer software.
Please reference the URL listed at the top of this document
for original copies of all patches if necessary.
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMaLAkFUuHi5z0oilAQFxEwP/aKhjlldITj2TRdejyyVTyrbLLc8EG3Ws
e8VLwYYfaciMGf9jihZop2MxdVB/wlIR+iy2i04ULV5TUar3aiq0fmRsIxspT4vt
/HcjtrsYX52rzAqkibTTMLRPn3vU9LES1gBZZDPteA4vk43Yo+brJk/bTuxloQTY
PGw0ifIAHHM=
=KBgt
-----END PGP SIGNATURE-----
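
Added illustration for section II. This is not FreeBSD libc source and not the patch this advisory refers to. It assumes the missing bounds check concerns formatting a log message into a fixed-size buffer, and shows a bounded builder that truncates instead of writing past the end. The names `build_log_line`, `oversized_input_is_contained` and `LOG_LINE_MAX`, and all sample values, are constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 64 /* assumed size, kept small so truncation is visible */

/* Unsafe pattern (shown only as a comment): vsprintf(buf, fmt, ap) writes as
 * many bytes as the expanded message needs, whatever sizeof(buf) is. */

/* Returns 0 if the record fit, 1 if it was truncated, -1 on error. */
int build_log_line(char *out, size_t outsz, int pri, const char *tag,
                   const char *fmt, ...)
{
    va_list ap;
    int n, m;

    if (out == NULL || outsz == 0)
        return -1;
    n = snprintf(out, outsz, "<%d>%s: ", pri, tag);
    if (n < 0) { out[0] = '\0'; return -1; }
    if ((size_t)n >= outsz)
        return 1;                    /* header alone filled the buffer */

    va_start(ap, fmt);
    m = vsnprintf(out + n, outsz - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0) {
        out[n] = '\0';               /* keep the header, drop the message */
        return -1;
    }
    return ((size_t)m >= outsz - (size_t)n) ? 1 : 0;
}

/* Constructed check: a canary byte placed right after the buffer must
 * survive a message far longer than the buffer. Returns 1 on success. */
int oversized_input_is_contained(void)
{
    struct { char line[LOG_LINE_MAX]; unsigned char canary; } rec;
    char big[512];
    int r;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    rec.canary = 0x5A;
    r = build_log_line(rec.line, sizeof rec.line, 22, "sendmail", "%s", big);
    return r == 1 && rec.canary == 0x5A && strlen(rec.line) == LOG_LINE_MAX - 1;
}

int main(void) { printf("%d\n", oversized_input_is_contained()); return 0; }
```

The return value distinguishes a truncated record from a complete one, so a caller can log the truncation itself rather than silently losing data.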