Debian Super Syslog Buffer Overflow Vulnerability
Solution: Remove the suid bit from the super binary or apply the following patch:
--- error.c Thu Feb 25 00:38:25 1999
+++ error.patch.c Thu Feb 25 01:07:53 1999
@@ -321,7 +321,7 @@
 if (tag)
 StrLCat(newfmt, tag, sizeof(newfmt));
 va_start(ap, fmt);
- (void) vsprintf(buf, newfmt, ap);
+ (void) vsnprintf(buf, sizeof(buf), newfmt, ap);
 va_end(ap);
 SysLog(error_priority, buf);
 }
@@ -485,7 +485,7 @@
 StrLCat(newfmt, fmt, sizeof(newfmt));
 if (tag)
 StrLCat(newfmt, tag, sizeof(newfmt));
- (void) vsprintf(buf, newfmt, ap);
+ (void) vsnprintf(buf, sizeof(buf), newfmt, ap);
 va_end(ap);
 SysLog(error_priority, buf);
 }
|
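Review bot: The `(void)` cast on the new `vsnprintf(buf, sizeof(buf), newfmt, ap)` call discards the only signal that the message was cut short, so an oversized argument now produces a silently truncated syslog entry; the hunk at line 485 has the same call and the same gap. For the audit trail of a setuid program it is worth keeping the result, e.g. `n = vsnprintf(buf, sizeof(buf), newfmt, ap);` followed by `if (n < 0 || (size_t)n >= sizeof(buf))` and a truncation marker in the logged text. The `n < 0` arm matters because some pre-C99 implementations return -1 on truncation instead of the required length. The bound is also only correct if `buf` is a real array in this scope; its declaration lies outside both hunks, so that should be confirmed rather than assumed.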
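Review bot: In the second hunk the already-expanded `buf` is still passed straight to `SysLog(error_priority, buf)`, and the patch leaves that call untouched here and in the hunk at line 321. SysLog's body is not part of this patch; if it forwards its argument as the format parameter of syslog(), any `%` sequence that survives into `buf` would be interpreted a second time, which bounding the write does not address. It should be confirmed that the wrapper logs the text as data, `syslog(pri, "%s", buf);`. The enclosing function starts above this hunk (no `va_start` is visible), so where `ap` comes from could not be checked from here.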