[LWN Logo]

Date:         Sat, 20 Nov 1999 16:05:36 -0800
From: Jeff Bilicki <jeffb@COBALTNET.COM>
Subject:      [ COBALT ] Security Advisory - syslog
To: BUGTRAQ@SECURITYFOCUS.COM

Cobalt Networks -- Security Advisory -- 11.20.1999

Problem:
The syslogd server uses a Unix Domain stream socket (/dev/log) for
receiving local log messages via syslog(3). Unix Domain stream sockets
are non connection-less, that means, that  one process is needed to
serve one client.

Description:
By opening a lot of local syslog connections a user with shell access
could stop the system from responding.

Problem and description text was taken from:
http://www.suse.de/de/support/security/suse_security_announce_31.txt

Relevant products and architectures:
Product         Architecture    	Vulnerable
Qube1		MIPS			Yes
Qube2		MIPS			Yes
RaQ1		MIPS			Yes
RaQ2		MIPS			Yes
RaQ3		x86			Yes

RPMS:
-RaQ3-
ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-9C1.i386.rpm
-RaQ1 RaQ2 Qube1 Qube2-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-9C2.mips.rpm

SRPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C1.src.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C2.src.rpm


MD5 sum				Package Name
-------------------------------------------------------------
2b5f2e422a82e84237c184762a16e2f2 sysklogd-1.3.33-9C1.i386.rpm
dd4c696ef40cc0b6bf3f2a5b23cd9dcf sysklogd-1.3.33-9C2.mips.rpm

You can verify each rpm using the following command:
rpm --checksig  [package]

To install, use the following command, while logged in as root:
rpm -U [package]

The package file format (pkg) for this fix is currently in testing, and
will be available in the near future.

Jeff Bilicki
Cobalt Networks