fix for HUGE SECURITY HOLE in syslog?

fix for HUGE SECURITY HOLE in syslog?

Post by Mathew G Monro » Sun, 24 Sep 1995 04:00:00

Excerpts from netnews.comp.os.linux.development.system: 23-Sep-95 fix

> Does anyone have a patch which fixes the lack of bounds checking in syslog?
> If you don't know about this problem, check out:


> thanks,

> -mark

> --
> Mark Saltzman

This was fixed back in may in both libc 4.7.x. and 5.x.x.



1. Huge security hole?

I am curious if this is as much of a security hole as it seems:

The situation is that several of the dorms on campus are wired for
ethernet, allowing anyone in these dorms to set up a workstation on
internet (most systems are 486's running Linux or NeXTstep). Aside from
allowing users the use of Crack, fsp, etc. for various purposes a paid and
responsible sysadmin would not allow, what could an unscrupulous owner
(i.e. root) of such a system do. Mind you, these connections mean that a
user can telnet anywhere which will accept a connection, as well as ftp and
other connections.

Any thoughts?

The overall question is, how much does security on the net depend upon the
scruples and responsibility of all sysadmins connected?


2. Need a

3. Single-user mode -- huge security hole?

4. sendmail problems

5. Huge security hole in elvis (Slackware)

6. event ports support in Niels Provos libevent

7. Another Huge Security Hole!

8. 3c507

9. Huge security holes in Microsoft FP98 server extensions for Apache

10. HUGE security hole ! How to close?

11. pwdauthd pwdauth() - Source Wanted in order to fix security hole.

12. Security Hole Fix?

13. Tools to fix security holes