Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 Oct 2014 08:02:08 +0000
From: mancha <mancha1@...o.com>
To: Rainer Gerhards <rgerhards@...adiscon.com>
Cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com,
	joey@...odrom.org
Subject: Re: sysklogd vulnerability (CVE-2014-3634)

By way of update, the sysklogd maintainer (Joey) has been in touch with
me and let me know sysklogd 1.5.1 which fixes the PRI/OOB issue is
forthcoming.

On Sun, Oct 05, 2014 at 05:01:48PM +0200, Rainer Gerhards wrote:
> I have had a pretty deep look at it. Bottom line is that I couldn't
> reproduce it manually either. So I checked the test environment. As it
> turns out, the root cause for my ability to crash was that the test
> scripts did not setup things properly for v3 ... some v5 binary
> modules kept be used. Digging deeper in the old code, a crash seems as
> unlikely as said in the initial report. The reason is that some
> masking happens, which in turn prevents most problems with the
> negative PRIs. I'll update the advisory soon. Sorry for the noise and
> thanks for keeping this straight.
> 
> Rainer

Many thanks Rainer for re-doing your tests on rsyslog v3. They're
consistent with my own findings on sysklogd as well as my limited
testing on rsyslog 3.22.3 (after my brief $ModLoad learning curve).

--mancha

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.