[syslog-ng] Security: syslog-ng 1.4.x and 1.5.x is vulnerable to buffer overflow
William Yodlowsky
wyodlows@andromeda.rutgers.edu
Fri, 27 Sep 2002 12:59:23 -0400
Balazs Scheidler <bazsi@balabit.hu> wrote:
[snip]
> Everybody is urged to upgrade to 1.4.16 or 1.5.21, these are available at
> the usual place, http://www.balabit.hu/en/downloads/syslog-ng/downloads/

I am having difficulties on Solaris 2.6 and 8 building 1.5.21.
syslog-ng seems to need to link with libresolv, although it's not picked
up. Linking it by hand gets the compile finished, but then it segfaults
after a few seconds with:

poll(0xFFBEFC70, 2, 600000) (sleeping...)
signotifywait() (sleeping...)
door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
lwp_cond_wait(0xFF0D5550, 0xFF0D5560, 0xFF0CEDB8) (sleeping...)
door_return(0x00000000, 0, 0x00000000, 0) (sleeping...)
poll(0xFFBEFC70, 2, 600000) = 1
accept(2, 0xFFBEFB00, 0xFFBEFAFC, 1) = 4
fcntl(4, F_GETFL, 0xFFFFFFFF) = 130
fstat64(4, 0xFFBEF7C8) = 0
getsockopt(4, 65535, 8192, 0xFFBEF8C8, 0xFFBEF8C0, 0) = 0
fstat64(4, 0xFFBEF7C8) = 0
getsockopt(4, 65535, 8192, 0xFFBEF8C8, 0xFFBEF8C4, 0) = 0
setsockopt(4, 65535, 8192, 0xFFBEF8C8, 4, 0) = 0
fcntl(4, F_SETFL, 0x00000082) = 0
fcntl(4, F_SETFD, 0x00000001) = 0
time() = 1033145607
poll(0xFFBEFC68, 3, 100) = 1
read(4, " < 1 8 3 > S e p 2 7 ".., 2049) = 2049
Incurred fault #6, FLTBOUNDS %pc = 0xFF141AD8
siginfo: SIGSEGV SEGV_MAPERR addr=0x3804A888
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x3804A888
*** process killed ***

Any ideas? Thanks in advance.