FreeBSD-SA-96:08:syslog vulnerability
Posted by Team   
FreeBSD: Bounds checking for syslog error messages was not being performed properly.

FreeBSD-SA-96:08                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          syslog vulnerability

Category:       core
Module:         libc
Announced:      1996-04-21
Affects:        FreeBSD 2.0 and 2.0.5
Corrected:      1995-10-15 2.2-current and 2.1.0-release sources
Source:         Generic BSD bug
FreeBSD only:   no

Reference:      CERT CA-95:13.syslog.vul



I.   Background    

     A problem was found in the syslog(3) library call that affects
     FreeBSD 2.0 and FreeBSD 2.0.5 releases.  This problem was
     fixed prior to the release of FreeBSD 2.1.

     The FreeBSD project is not aware of active exploits of this

     All FreeBSD users are encouraged to upgrade to a version of
     FreeBSD with this vulnerability fixed.

II.  Problem Description

     Bounds checking for syslog error messages was not being
     performed properly.
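
     Added illustration, not code from the FreeBSD libc sources or from the
     patch: bounds-checked formatting of a log message into a fixed-size
     buffer, the kind of check the description above refers to. The names
     format_log_line, LOG_BUF_SIZE, area and guard_intact are hypothetical,
     and the 64-byte buffer size is an assumption chosen for the demo.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64   /* assumed size, kept small for the demo */

/* Message buffer followed by guard bytes that must never change. */
static struct { char buf[LOG_BUF_SIZE]; unsigned char guard[4]; }
    area = { "", { 0xAA, 0xAA, 0xAA, 0xAA } };

/*
 * Hypothetical helper: build "tag: message" in buf, never writing more
 * than bufsize bytes. Returns 1 if the message was truncated, 0 if it
 * fit, -1 on error. An unbounded vsprintf() at the same point would
 * write past the end of buf whenever the expanded message is longer.
 */
static int
format_log_line(char *buf, size_t bufsize, const char *tag, const char *fmt, ...)
{
    va_list ap;
    size_t used;
    int n;

    if (buf == NULL || bufsize == 0)
        return -1;
    n = snprintf(buf, bufsize, "%s: ", tag);
    if (n < 0) { buf[0] = '\0'; return -1; }
    if ((size_t)n >= bufsize)
        return 1;                       /* tag alone filled the buffer */
    used = (size_t)n;
    va_start(ap, fmt);
    n = vsnprintf(buf + used, bufsize - used, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[used] = '\0'; return -1; }
    /* The return value is the length the message needed, not what fit. */
    return (size_t)n >= bufsize - used;
}

/* Returns 1 while the guard bytes after the buffer are untouched. */
static int guard_intact(void)
{
    static const unsigned char want[4] = { 0xAA, 0xAA, 0xAA, 0xAA };
    return memcmp(area.guard, want, sizeof want) == 0;
}

int main(void)
{
    /* Constructed input: "%0200d" expands to 200 characters. */
    int t = format_log_line(area.buf, sizeof area.buf, "demo", "%0200d", 7);
    printf("truncated=%d len=%zu guard_intact=%d\n", t, strlen(area.buf), guard_intact());
}
```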

III. Impact

     The problem could be exploited to gain unauthorized access to
     a system running sendmail.

IV.  Solution(s)

     Update operating system sources and binaries to FreeBSD 2.1 or
     a later release or apply the patches available at the URL
     listed at the top of this bulletin and re-install the C library.

FreeBSD, Inc.


Notice: Any patches in this document may not apply cleanly due to
        modifications caused by digital signature or mailer software.
        Please reference the URL listed at the top of this document
        for original copies of all patches if necessary.
