Hmm... I thought that the whole point of the update was to patch this
security hole... Isn't the text you quoted referring to the
vulnerability that the update fixed?

At 10:28 PM -0500 24/9/00, Jonathan Wilson wrote:
>I _just_ saw the red hat security update for sysklogd and guess
>what? part of it reads thusly:
>
> "klogd contains instances of the:
> syslog( LOG_INFO, buffer );
> vulnerability that has recently been discussed on Bugtraq and similar
> mailing lists; by supplying some string that contains '%' escapes, it is
> possible to have those escapes interpreted, which can lead to the ability
> to gain root access."
>
>
>Notice all the %'s in that log entry. Script Kiddies! That's freaky,
>to think that people move that fast. I was going to get around to
>removing rpc "as soon as I could" - guess I should have moved faster
>than that :(
>
>Well, now I guess I need to find out if they got in anyway. Off to
>work I go.....
--
Nitro - 3D Visualisation, Graphics & Animation
Ph (+61 2) 9810 5177 - Fx (+61 2) 9810 0199
http://www.nitro.com.au/
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
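
Added example, not part of the original messages or the Red Hat advisory: the `syslog( LOG_INFO, buffer );` pattern quoted above next to its hardened form, plus a small checker that counts '%' directives in a string such as a suspicious log entry. The function names and the sample string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count printf-style conversion directives in s; "%%" is a literal percent
 * sign and is not counted. A non-zero result for text from an untrusted
 * source means it must never be used as a format string. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')       /* '%' followed by anything else */
            n++;
    }
    return n;
}

/* Vulnerable pattern from the advisory (kept as a comment, not compiled):
 *     syslog(LOG_INFO, buffer);
 * Hardened form: the untrusted text is an argument, never the format. */
void log_untrusted(const char *buffer)
{
    syslog(LOG_INFO, "%s", buffer);
}

/* Same fix applied to snprintf so the effect can be inspected: the
 * directives come out as inert text. Returns the length of the text. */
int render_untrusted(char *out, size_t outlen, const char *buffer)
{
    return snprintf(out, outlen, "%s", buffer);
}

int main(void)
{
    const char *sample = "rpc request: %x.%x.%s 100%%"; /* constructed input */
    char out[128];
    render_untrusted(out, sizeof out, sample);
    printf("directives=%d rendered=\"%s\"\n",
           count_format_directives(sample), out);
    log_untrusted(sample);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about calls where the format argument is not a string literal, which is how the remaining instances of this pattern are usually found in a code base.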