Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: sten () ergon CH (Sten Gunterberg)
Date: Thu, 21 Sep 1995 15:59:03 +0200
From goetz () open CH Wed Sep 20 00:18:14 1995

On Sep 19, 4:33pm, Sten Gunterberg wrote:

There's no patch yet, but Sun is apparently working on one. The Bug-IDs are 1219835 for Solaris 1.x (SunOS 4.x) and 1220257 for Solaris 2.x. Try to give those to local Sun support and see what happens :-)

Solaris 2.x ??? - I thought this is a BSD problem? Are you telling me that *all* my Solaris boxes are vulnerable too?
I don't know if Solaris 2.x is vulnerable too and Sun does not know for sure either. On the SunSolve gateway (sunsolve.sun.ch) the following info regarding bug ID 1220257 can be found (the original included the 8lgm advisory, which I deleted, we've seen it enough times):

--- begin quoted material ---
Bug Id: 1220257
Category: library
Subcategory: libc
State: fixed
Release summary: 5.4, sol2.4_hw11_94, 2.3, s495_beta, 5.3, 2.4, s495
Synopsis: Syslog(3) possibly can be abused to gain root access on Solaris 2.x systems
Integrated in releases:
Patch id:
Description:

The following advisory has been issued from 8LGM. Only SunOS 4.1.x is known to be affected by this security hole, but the Solaris 2 code is very similar in this area, so we should plug the hole, hopefully before 2.5 FCS. This bug is intended for all Solaris 2.x reports of this problem. The problem will be addressed for SunOS 4.x through Bug ID 1219835.

[ included 8lgm advisory deleted ]

Although the security hole has not yet been replicated on a Solaris 2.x system, the syslog code is very similar between SunOS 4.1.x and Solaris 2.x. Therefore, it may be possible to break security on a Solaris 2 system in the same way as has been done on SunOS 4.

Copyright 1994 Sun Microsystems, Inc. 2550 Garcia Ave., Mt. View, CA 94043-1100 USA All rights reserved
--- end of quoted material ---

Note that this claims the bug to be fixed, but not integrated in any release. Therefore it's almost certainly not fixed in 4.1.4. Also, no patch has been issued yet.
Also local Sun support told me that the patch for Bug 1219835 has been integrated into SunOS 4.1.4 and there probably won't be a patch for older versions! Here's the bug info they sent me:

Bug Id: 1219835
Product: sunos
Category: utility
Subcategory: other
Release summary: 4.1.3, 4.1.4, 4.1.3_U1, 4.1
Bug/Rfe: bug
State: integrated
Hmm. The SunSolve gateway mentioned above states the following for 1219835:

Bug Id: 1219835
Category: utility
Subcategory: other
State: fixed
Release summary: 4.1.3_U1, 4.1.4, 4.1.3, no-v4, 4.1, 5.4, 5.3
Synopsis: Syslog(3) can be abused to gain root access on 4.X systems
Integrated in releases:
Patch id:
Description:

---> Not integrated in any release and no patch.
So why would there be a test patch for SunOS 4.1.4 if it was fixed in that release? I guess one of you guys is wrong.
Either Sun does not tell its left hand what the right is doing ;-) or their SunSolve gateways don't get updated/fed with the correct info.

-- Sten