Forwarded to -user as a warning to others about this dangerous package, and forwarded to -qa in hopes of a speedy NMU to fix this, in light of its severity. (I'm not on either list, so cc as appropriate if replying.)

----- Forwarded message from Lazarus Long <[EMAIL PROTECTED]> -----

From: Lazarus Long <[EMAIL PROTECTED]>
Subject: syslog-ng: causes REMOTE machines to lock out logins even!
To: [EMAIL PROTECTED]
X-Mailer: bug 3.2.7
Date: Mon, 20 Dec 1999 21:08:11 +0000

Package: syslog-ng
Version: 1.3.10-1
Severity: critical

4) Critical bug. Makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package.

If there was a "5" level, this would warrant it! This package causes REMOTE systems to break drastically!

Any remote system sending syslog entries to the local system (syslogd -r) will no longer allow logins of any form, including via ssh, via telnet, via local login at the console, or even any attempt to su. Obviously no activities that write to syslog will complete.

Dec 20 19:51:38 remoteboxname syslogd: sendto: Connection refused

This means that one can not get to root to change the syslog behaviour, or even to disable syslog temporarily, and I imagine one would probably find an infinite lockup condition upon rebooting. (I certainly don't intend to try in order to find out.)

Anyone attempting to run a reasonably secure network will have enabled remote logging via syslog (and the -r switch) and this package's current broken status threatens the entire network.

-- System Information
Debian Release: potato
Kernel Version: Linux phoenix 2.2.13 #3 Sun Oct 24 06:12:59 UTC 1999 i586 unknown

Versions of the packages syslog-ng depends on:
ii  libc6      2.1.2-10  GNU C Library: Shared libraries and timezone
ii  logrotate  3.2-11    Log rotation utility
ii  sysklogd   1.3-33    Kernel and system logging daemons

----- End forwarded message -----

--
Please encrypt all mail whenever possible. The following Public Keys for Lazarus Long <[EMAIL PROTECTED]> are available upon request:
Type Bits/KeyID Fingerprint (GnuPG (GPG) is preferred.)
GPG/ELG: 2048g/CFACB34D FB64 906E 2F8A 14DF 9A98 C8BD 53F6 71FC 91D4 8329 GPG/DSA: 1024D/91D48329 (none for DSA keys)