Date: Tue, 23 Apr 96 06:08:28 -0700
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
To: freebsd@bcl.com
Cc: freebsd-security@freebsd.org
Subject: Re: CA-95:13 syslog problem
Message-ID: <199604231308.GAA01064@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Tue, 23 Apr 96 09:27:44 -0000." <199604230830.JAA04756@mitre.bcl.com>

>
> Can anyone confirm if FreeBSD 2.1.0-RELEASE is vulnerable to the
> syslog problem as described in CERT advisory CA-95:13 and if so the
> current state/location of a patch to solve this problem.

I don't believe the bug exists as the following test program should dump
core or at least issue a message stating snprintf is broken.

#include <stdio.h>
#include <syslog.h>

static char x[6] = {'H','E','L','L','O',0};

int main(void)
{
	char buf[4096];
	int ct;

	/* Fill the message with 4095 'X' characters and terminate it. */
	for (ct = 0; ct < 4095; ct++)
		buf[ct] = 'X';
	buf[4095] = '\0';
	openlog("testprog", LOG_PID, LOG_AUTHPRIV);
	printf("Check snprintf\n");
	/* A bounded snprintf must leave x[4] ('O') untouched. */
	snprintf(x, 3, buf);
	if (x[4] != 'O')
		fprintf(stderr, "snprintf is broken\n");
	printf("Testing syslog\n");
	syslog(LOG_ERR|LOG_USER, buf);
	closelog();
	return 0;
}

>
> Bob
>
>
> ---
> FreeBSD Mail Lists,    | Email: freebsd@bcl.com   | Human Contact:
> BCL International      | WWW: http://www.bcl.com/ | Bob Dickel,
> 18-20 Farringdon Lane, | Tel: 0171 251 1125       | Technical Support
> LONDON, EC1R 3AU.      | Fax: 0171 251 4902       | Email: bob@bcl.com
>

Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
ITSD                        Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."
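
A stricter form of the two checks in the test program above, as an added example that is not part of the original message or of FreeBSD's code: it goes beyond the single-byte check by surrounding the destination with guard bytes, and it hands the long message to syslog as a "%s" argument instead of as the format string. The names snprintf_respects_bound, log_untrusted, log_long_sample, CANARY and MAX_MSG are hypothetical, and the 1024-byte message cap is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define CANARY  0x5A
#define MAX_MSG 1024   /* assumed cap on one log message */

/* Returns 1 if snprintf() with this limit wrote nothing past
 * region[limit-1] and NUL-terminated its output, 0 otherwise. */
int snprintf_respects_bound(size_t limit, size_t input_len)
{
    char src[8192], region[64];
    size_t i;
    if (limit == 0 || limit > sizeof(region) / 2 || input_len >= sizeof(src))
        return 0;                            /* arguments out of range */
    memset(src, 'X', input_len);
    src[input_len] = '\0';
    memset(region, CANARY, sizeof(region));  /* guard bytes */
    snprintf(region, limit, "%s", src);
    for (i = limit; i < sizeof(region); i++)
        if ((unsigned char)region[i] != CANARY)
            return 0;                        /* wrote past the limit */
    return memchr(region, '\0', limit) != NULL;
}

/* Hypothetical helper: logs text as data, returns bytes handed to syslog. */
size_t log_untrusted(int priority, const char *text)
{
    char msg[MAX_MSG];
    if (snprintf(msg, sizeof(msg), "%s", text) < 0)
        return 0;
    syslog(priority, "%s", msg);  /* text is never the format string */
    return strlen(msg);
}

/* Constructed input: the same 4095 'X' bytes the test program builds. */
size_t log_long_sample(void)
{
    char buf[4096];
    memset(buf, 'X', sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    return log_untrusted(LOG_ERR | LOG_USER, buf);
}

int main(void)
{
    printf("bounded=%d logged=%zu\n", snprintf_respects_bound(3, 4095), log_long_sample());
    return 0;
}
```
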