[syslog-ng]syslog-ng crash

Gregor Binder gb@rootnexus.net
Fri, 1 Feb 2002 21:28:43 +0100

William D. Colburn (aka Schlake) on Fri, Feb 01, 2002 at 12:58:57PM -0700:


> Normally I would disclose the crash to the list, but if no fix will be
> forthcoming I am afraid too let other people know how to down a server.
> Does anyone know if the author is still available, or if I should dig
> into the code to generate a patch on my own before releasing this
> information?

I strongly suggest you publish this problem to this list, or, if it is
relevant enough, to the security-lists (vuln-dev, bugtraq, whatever you
see fits).

The security community agrees that security issues should be published
within a certain amount of time, to allow people to think about counter-
measures of any kind or at least *know* that they are vulnerable ... see
http://www.securityfocus.com/ and look for the full disclosure policy.

Chances are, if you could figure out the problem exists, somebody
malicious could too ... besides that, I believe Balasz is back from the
hospital anyway?


 ____ ____ 
/  _/| -  >  Gregor Binder <gb@(rootnexus.net|sysfive.com)>
| / || _\ \
\__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B