Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 Oct 2014 15:01:12 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Cc: Solar Designer <solar@...nwall.com>, rgerhards@...adiscon.com
Subject: Re: sysklogd vulnerability (CVE-2014-3634)

On Fri, Oct 03, 2014 at 01:53:02PM +0200, Rainer Gerhards wrote:
> I didn't try out sysklogd as I was busy enough with rsyslog BUT I can
> crash unpatched rsyslog v3 and the code path in question is extremely
> similar in those two.

OK, I just graduated from my crash-course on setting up an unpatched
rsyslog 3.22.3 daemon.

I've hit it with lots of pri "vals" including: x112,
80000000000000000000000000000000, my lottery numbers, and the magical
3500000000 but am unable to crash it.

printline()'s are very similar like you say so it would be worthwhile if
we could dig a little.

Rainer, would you be able to provide a backtrace? or be more specific
about the steps you took to crash it?

--mancha

PS I've taken Joey off the CC list because he's not expressed any
interest in this and is probably busy adding to his spamassassin
rulesets.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ