Date: Mon, 6 Oct 2014 08:02:08 +0000 From: mancha <mancha1@...o.com> To: Rainer Gerhards <rgerhards@...adiscon.com> Cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com, joey@...odrom.org Subject: Re: sysklogd vulnerability (CVE-2014-3634) By way of update, the sysklogd maintainer (Joey) has been in touch with me and let me know sysklogd 1.5.1 which fixes the PRI/OOB issue is forthcoming. On Sun, Oct 05, 2014 at 05:01:48PM +0200, Rainer Gerhards wrote: > I have had a pretty deep look at it. Bottom line is that I couldn't > reproduce it manually either. So I checked the test environment. As it > turns out, the root cause for my ability to crash was that the test > scripts did not setup things properly for v3 ... some v5 binary > modules kept be used. Digging deeper in the old code, a crash seems as > unlikely as said in the initial report. The reason is that some > masking happens, which in turn prevents most problems with the > negative PRIs. I'll update the advisory soon. Sorry for the noise and > thanks for keeping this straight. > > Rainer Many thanks Rainer for re-doing your tests on rsyslog v3. They're consistent with my own findings on sysklogd as well as my limited testing on rsyslog 3.22.3 (after my brief $ModLoad learning curve). --mancha [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ