From owner-freebsd-security Tue Apr 23 11:44:19 1996
From: Ollivier Robert
Message-Id: <199604231842.UAA16875@keltia.freenix.fr>
Subject: Re: CA-95:13 syslog problem
To: freebsd@bcl.com
Date: Tue, 23 Apr 1996 20:42:05 +0200 (MET DST)
Cc: freebsd-security@freebsd.org
In-Reply-To: <199604230830.JAA04756@mitre.bcl.com> from FreeBSD Manager at "Apr 23, 96 09:27:44 am"

It seems that FreeBSD Manager said:
> Can anyone confirm if FreeBSD 2.1.0-RELEASE is vulnerable to the
> syslog problem as described in CERT advisory CA-95:13 and if so the
> current state/location of a patch to solve this problem.

2.1.0-RELEASE is *not* vulnerable. It was fixed in CURRENT:

------------------------------------------------------------
revision 1.4
date: 1995/09/15 13:53:39; author: peter; state: Exp; lines: +86 -18
Fix security bugs with a "new approach", using stdio's powerful buffer
control hooks. It is similar to an unrolled multi-part snprintf(), in
that a "FILE *" is attached to a string buffer.
There is also an optimisation for the case where the syslog format
string does not contain %m, which should improve performance of
"informational" logging, like from ftpd.
------------------------------------------------------------

then imported into 2.1-STABLE, which became 2.1.0-RELEASE:

------------------------------------------------------------
revision 1.2.4.2 <<<<<<<<<<<<<<<
date: 1995/09/26 07:54:51; author: davidg; state: Exp; lines: +86 -18
Brought in changes from main branch: security fixes.
------------------------------------------------------------

RCS file: /spare/FreeBSD-current/src/lib/libc/gen/syslog.c,v
Working file: syslog.c
head: 1.8
branch:
locks: strict
access list:
symbolic names:
        RELENG_2_1_0_RELEASE: 1.2.4.3 <<<<<<<<<<<<<<<<
        RELENG_2_1_0: 1.2.0.4

The difference between 1.2.4.2 and 1.2.4.3 is a fix of the security fix :-)

2.0.5-RELEASE is vulnerable.

--
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #13: Sun Apr 21 18:14:54 MET DST 1996
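
An added example, not part of the original message and not FreeBSD's syslog.c: a bounded multi-part message builder in the spirit of the "unrolled multi-part snprintf()" the commit log mentions, including the fast path for format strings without %m. It uses plain vsnprintf() with an offset instead of the stdio buffer hooks named in the log; build_msg(), append() and MSG_MAX are hypothetical names.

```c
#include <errno.h>   /* callers pass an errno value such as ENOENT as 'err' */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64   /* constructed; kept small so truncation is easy to see */

/* Append formatted text at *off without ever writing past cap.
 * Returns 0 if everything fit, -1 if the output was cut short. */
static int append(char *buf, size_t cap, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf + *off, cap - *off, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *off) {
        buf[cap - 1] = '\0';
        *off = cap - 1;                 /* buffer is full from here on */
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

/* Build "<pri>tag: text" in out[cap] (cap > 0); %m becomes strerror(err).
 * Assumes strerror() text holds no '%'. Returns 0, or -1 on truncation. */
int build_msg(char *out, size_t cap, int pri, const char *tag, int err,
              const char *fmt, ...)
{
    char fmtbuf[MSG_MAX] = "";
    const char *f = fmt, *p;
    size_t off = 0, foff = 0;
    int cut, fcut = 0, n, step;
    va_list ap;

    cut = append(out, cap, &off, "<%d>%s: ", pri, tag);
    if (strstr(fmt, "%m") != NULL) {    /* slow path only when %m may occur */
        for (p = fmt; *p != '\0'; p += step) {
            step = (p[0] == '%' && (p[1] == 'm' || p[1] == '%')) ? 2 : 1;
            if (step == 2 && p[1] == 'm')
                fcut |= append(fmtbuf, sizeof fmtbuf, &foff, "%s", strerror(err));
            else                        /* copy one char, or "%%" verbatim */
                fcut |= append(fmtbuf, sizeof fmtbuf, &foff, "%.*s", step, p);
        }
        if (fcut) return -1;            /* never format with a cut-off format */
        f = fmtbuf;
    }
    va_start(ap, fmt);
    n = vsnprintf(out + off, cap - off, f, ap);
    va_end(ap);
    return (cut || n < 0 || (size_t)n >= cap - off) ? -1 : 0;
}
```

Every write is limited by the space remaining in the destination, so an oversized argument shortens the message instead of running past the buffer.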