From owner-freebsd-security  Mon Apr 29 15:28:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from goofy.epylon.com (sf-gw.epylon.com [63.93.9.98])
	by hub.freebsd.org (Postfix) with ESMTP id AE2A037B400
	for <freebsd-security@FreeBSD.ORG>; Mon, 29 Apr 2002 15:28:46 -0700 (PDT)
Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19)
	id <24K4Z1VY>; Mon, 29 Apr 2002 15:28:45 -0700
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF565@goofy.epylon.lan>
From: "DiCioccio, Jason" <jdicioccio@epylon.com>
To: 'Piotr Wiejaczka' <wiejak@alpha.net.pl>,
	freebsd-security@FreeBSD.ORG
Subject: RE: syslogd security bug?
Date: Mon, 29 Apr 2002 15:28:37 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

cat syslog.c | sed 's/LOG_EMERG, argv\[1\]/LOG_EMERG, "%s", argv\[1\]/'

Cheers,
- -JD-

- -----Original Message-----
From: Piotr Wiejaczka [mailto:wiejak@alpha.net.pl]
Sent: Monday, April 29, 2002 2:40 PM
To: freebsd-security@FreeBSD.ORG
Subject: syslogd security bug?


Hi all.

%uname -a
FreeBSD localhost 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Mar 12 08:20:11 CET
2002     root@:/usr/src/sys/compile/OKO2  i386

%cat syslog.c
#include <syslog.h>
#include <stdarg.h>
 
int main(int argc, char *argv[])
{
        syslog(LOG_EMERG, argv[1]);
}
 
%./syslog "blah %x %x %x %x"
 
Message from syslogd@localhost at Mon Apr 29 23:27:35 2002 ...
localhost syslog: blah 2807aebe 2 bfbffc5c bfbffd26

 
Looks like we have a format string bug inside syslogd :) 

- -- 
wiejak
FidoNet: 2:484/2.76
mailto: wiejak <at> alpha.net.pl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPM3LYb8+wXo6G32BEQLQpgCeNjxupRIWRaShPU4Nf+K4HVDyN7cAoOHY
41sdBbuM+pzQPUkVAy37ZSpb
=kpEb
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message