[syslog-ng] Security: syslog-ng 1.4.x and 1.5.x is vulnerable to buffer overflow
William Yodlowsky
wyodlows@andromeda.rutgers.edu
Wed, 09 Oct 2002 11:31:40 -0400
William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
> * Central syslog server segfaults (I know kondou@isc.org mentioned that it
> was their central server too)
>
> Since I haven't tried running 1.5.14-1.5.20 I'm going to give them a try
> to see if the problem is in one of those previous releases. That may
> make it easier to track down.
Ok, here's what I did. I tested each the same way:

- Compiled libol with:
    ./configure && make
- Compiled syslog-ng with:
    ./configure --with-libol=../libol-VERSION && make
- Tested with server (large) config file and invoked with:
    # cd src
    # truss -f ./syslog-ng -f ~/syslog-ng.conf -F -C /tmp/a -u logs -g logs

Results:
libol-0.3.1 & syslog-ng-1.5.14 - worked
libol-0.3.1 & syslog-ng-1.5.15 - worked
libol-0.3.2 & syslog-ng-1.5.16 - build failed
libol-0.3.2 & syslog-ng-1.5.17 - worked
libol-0.3.3 & syslog-ng-1.5.18 - build failed
libol-0.3.3 & syslog-ng-1.5.19 - segfault
libol-0.3.3 & syslog-ng-1.5.20 - worked
libol-0.3.3 & syslog-ng-1.5.21 - (removed res_init call) - WORKED

Hmm. Before, I was linking with libresolv. Since removing res_init,
that's no longer necessary, and it doesn't seem to segfault anymore.

I'm going to poke at this a bit more, and if anything else turns up,
I'll post.

Thanks...