[syslog-ng]Security: syslog-ng 1.4.x and 1.5.x is vulnerable to buffer overflow

William Yodlowsky wyodlows@andromeda.rutgers.edu
Wed, 09 Oct 2002 11:31:40 -0400

William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:

> * Central syslog server segfaults (I know kondou@isc.org mentioned that it 
>   was their central server too)
> Since I haven't tried running 1.5.14-1.5.20 I'm going to give them a try
> to see if the problem is in one of those previous releases.  That may
> make it easier to track down.

Ok, here's what I did.  I tested each the same way:

- Compiled libol with:
  ./configure && make

- Compiled syslog-ng with:
  ./configure --with-libol=../libol-VERSION && make

- Tested with server (large) config file and invoked with:
  # cd src
  # truss -f ./syslog-ng -f ~/syslog-ng.conf -F -C /tmp/a -u logs -g
  # logs


libol-0.3.1 & syslog-ng-1.5.14 - worked
libol-0.3.1 & syslog-ng-1.5.15 - worked
libol-0.3.2 & syslog-ng-1.5.16 - build failed
libol-0.3.2 & syslog-ng-1.5.17 - worked
libol-0.3.3 & syslog-ng-1.5.18 - build failed
libol-0.3.3 & syslog-ng-1.5.19 - segfault
libol-0.3.3 & syslog-ng-1.5.20 - worked
libol-0.3.3 & syslog-ng-1.5.21 - (removed res_init call) - WORKED

Hmm.  Before, I was linking with libresolv.  Since removing res_init,
that's no longer necessary, and it doesn't seem to segfault anymore.

I'm going to poke at this a bit more, and if anything else turns up,
I'll post.