Date: Sat, 20 Nov 1999 16:05:36 -0800 From: Jeff Bilicki <jeffb@COBALTNET.COM> Subject: [ COBALT ] Security Advisory - syslog To: BUGTRAQ@SECURITYFOCUS.COM Cobalt Networks -- Security Advisory -- 11.20.1999 Problem: The syslogd server uses a Unix Domain stream socket (/dev/log) for receiving local log messages via syslog(3). Unix Domain stream sockets are non connection-less, that means, that one process is needed to serve one client. Description: By opening a lot of local syslog connections a user with shell access could stop the system from responding. Problem and description text was taken from: http://www.suse.de/de/support/security/suse_security_announce_31.txt Relevant products and architectures: Product Architecture Vulnerable Qube1 MIPS Yes Qube2 MIPS Yes RaQ1 MIPS Yes RaQ2 MIPS Yes RaQ3 x86 Yes RPMS: -RaQ3- ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-9C1.i386.rpm -RaQ1 RaQ2 Qube1 Qube2- ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-9C2.mips.rpm SRPMS: ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C1.src.rpm ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C2.src.rpm MD5 sum Package Name ------------------------------------------------------------- 2b5f2e422a82e84237c184762a16e2f2 sysklogd-1.3.33-9C1.i386.rpm dd4c696ef40cc0b6bf3f2a5b23cd9dcf sysklogd-1.3.33-9C2.mips.rpm You can verify each rpm using the following command: rpm --checksig [package] To install, use the following command, while logged in as root: rpm -U [package] The package file format (pkg) for this fix is currently in testing, and will be available in the near future. Jeff Bilicki Cobalt Networks