Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 Oct 2014 08:02:08 +0000
From: mancha <mancha1@...o.com>
To: Rainer Gerhards <rgerhards@...adiscon.com>
Cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com,
	joey@...odrom.org
Subject: Re: sysklogd vulnerability (CVE-2014-3634)

By way of update, the sysklogd maintainer (Joey) has been in touch with
me and let me know sysklogd 1.5.1 which fixes the PRI/OOB issue is
forthcoming.

On Sun, Oct 05, 2014 at 05:01:48PM +0200, Rainer Gerhards wrote:
> I have had a pretty deep look at it. Bottom line is that I couldn't
> reproduce it manually either. So I checked the test environment. As it
> turns out, the root cause for my ability to crash was that the test
> scripts did not setup things properly for v3 ... some v5 binary
> modules kept be used. Digging deeper in the old code, a crash seems as
> unlikely as said in the initial report. The reason is that some
> masking happens, which in turn prevents most problems with the
> negative PRIs. I'll update the advisory soon. Sorry for the noise and
> thanks for keeping this straight.
> 
> Rainer

Many thanks Rainer for re-doing your tests on rsyslog v3. They're
consistent with my own findings on sysklogd as well as my limited
testing on rsyslog 3.22.3 (after my brief $ModLoad learning curve).

--mancha

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ