blob: 64dc9a4e7af9ce8d63ef7f199f8f8deca7452d7a (
plain) (
tree)
|
|
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-96:08 Security Advisory
FreeBSD, Inc.
Topic: syslog vulnerability
Category: core
Module: libc
Announced: 1996-04-21
Affects: FreeBSD 2.0 and 2.0.5
Corrected: 1995-10-15 2.2-current and 2.1.0-release sources
Source: Generic BSD bug
FreeBSD only: no
Reference: CERT CA-95:13.syslog.vul
Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:08/
=============================================================================
I. Background
A problem was found in the syslog(3) library call that affects
FreeBSD 2.0 and FreeBSD 2.0.5 releases. This problem was
fixed prior to the release of FreeBSD 2.1.
The FreeBSD project is not aware of active exploits of this
vulnerability.
All FreeBSD users are encouraged to upgrade to a version of
FreeBSD with this vulnerability fixed.
II. Problem Description
Bounds checking for syslog error messages was not being
performed properly.
III. Impact
The problem could be exploited to gain unauthorized access to
a system running sendmail.
IV. Solution(s)
Update operating system sources and binaries to FreeBSD 2.1 or
a later release or apply the patches available at the URL
listed at the top of this bulletin and re-install the C library.
=============================================================================
FreeBSD, Inc.
Web Site: http://www.freebsd.org/
Confidential contacts: security-officer@freebsd.org
PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc
Security notifications: security-notifications@freebsd.org
Security public discussion: security@freebsd.org
Notice: Any patches in this document may not apply cleanly due to
modifications caused by digital signature or mailer software.
Please reference the URL listed at the top of this document
for original copies of all patches if necessary.
=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMaLAkFUuHi5z0oilAQFxEwP/aKhjlldITj2TRdejyyVTyrbLLc8EG3Ws
e8VLwYYfaciMGf9jihZop2MxdVB/wlIR+iy2i04ULV5TUar3aiq0fmRsIxspT4vt
/HcjtrsYX52rzAqkibTTMLRPn3vU9LES1gBZZDPteA4vk43Yo+brJk/bTuxloQTY
PGw0ifIAHHM=
=KBgt
-----END PGP SIGNATURE-----
|