Date: Mon, 6 Oct 2014 08:02:08 +0000 From: mancha <mancha1@...o.com> To: Rainer Gerhards <rgerhards@...adiscon.com> Cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com, joey@...odrom.org Subject: Re: sysklogd vulnerability (CVE-2014-3634) By way of update, the sysklogd maintainer (Joey) has been in touch with me and let me know sysklogd 1.5.1 which fixes the PRI/OOB issue is forthcoming. On Sun, Oct 05, 2014 at 05:01:48PM +0200, Rainer Gerhards wrote: > I have had a pretty deep look at it. Bottom line is that I couldn't > reproduce it manually either. So I checked the test environment. As it > turns out, the root cause for my ability to crash was that the test > scripts did not setup things properly for v3 ... some v5 binary > modules kept be used. Digging deeper in the old code, a crash seems as > unlikely as said in the initial report. The reason is that some > masking happens, which in turn prevents most problems with the > negative PRIs. I'll update the advisory soon. Sorry for the noise and > thanks for keeping this straight. > > Rainer Many thanks Rainer for re-doing your tests on rsyslog v3. They're consistent with my own findings on sysklogd as well as my limited testing on rsyslog 3.22.3 (after my brief $ModLoad learning curve). --mancha Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.