DoS with sysklogd, glibc (Caldera) (fwd)

[R E Wolff BitWizard nl (Rogier Wolff)]

Hi,

This advisory has a bit more than the Red Hat one....

			Roger. 


----- Forwarded message from Alfred Huger -----

>>From owner-bugtraq SECURITYFOCUS COM Mon Nov 22 18:49:41 1999
Approved-By: aleph1 SECURITYFOCUS COM
Message-ID:  <Pine GSO 4 10 9911220906250 11753-100000 www securityfocus com>
Date:         Mon, 22 Nov 1999 09:08:08 -0800
X-Reply-To: Alfred Huger <ah SECURITYFOCUS COM>
Sender: Bugtraq List <BUGTRAQ SECURITYFOCUS COM>
From: Alfred Huger <ah SECURITYFOCUS COM>
Subject:      DoS with sysklogd, glibc (Caldera)
X-To:         bugtraq securityfocus com
To: BUGTRAQ SECURITYFOCUS COM

-- Start of PGP signed section.
______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                DoS with sysklogd, glibc
Advisory number:        CSSA-1999-035.0
Issue date:             1999 November, 17
Cross reference:
______________________________________________________________________________


1. Problem Description

   On Linux, most services do not log informational or error messages
   to their own files, but use the system log daemon, syslogd, for this.

   Unfortunately, the current syslogd has a problem by which any
   user on the local host can mount a denial of service attack that
   effectively stops all logging. Since all programs that want to send
   logging information to syslogd block until they're able to establish
   a connection to syslogd, this will make programs such as login, su,
   sendmail, telnetd, etc hang indefinitely.

2. Vulnerable Versions

   Systems : previous to COL 2.3
   Packages: previous to sysklogd-1.3.31-4

3. Solutions

   Workaround: none

   The proper solution is to upgrade to the latest packages

        rpm -U sysklogd-1.3.31-4.i386.rpm

   ** Make sure to reboot the machine after installing the fixed RPM. **

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -U sysklogd-1.3.31-4.i386.rpm

6. Verification

   a3a5aba891db83dbb0e31b01879011ac  RPMS/sysklogd-1.3.31-4.i386.rpm
   2bdf1431d3a487ee15e2323d61da2366  SRPMS/sysklogd-1.3.31-4.src.rpm


7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 5074

   Caldera wishes to thank Alex Kuznetisov, Alan Cox, and Bill
   Nottingham (the latter two of RedHat, Inc.) for their cooperation.

8. Disclaimer
   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________
-- End of PGP signed section, PGP failed!

----- End of forwarded message from Alfred Huger -----

-- 
** R E Wolff BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
 "I didn't say it was your fault. I said I was going to blame it on you."