sysklogd

Security Reports

CVE-2000-0867

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

Fixed in klogd.c.

CVE-2001-0738

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

Fixed in klogd.c.

Referenced as VU#249579 and Bug#85478.

Steve Grubb discovered a bug in sysklogd where it allocates an insufficient amount of memory which causes sysklogd to write to unallocated memory. This could allow for a malicious user to crash sysklogd.

The updated packages provide a patched sysklogd using patches from Openwall to correct the problem and also corrects the use of an unitialized variable (a previous use of "count").

Both bugs are bugs and are fixed in the CVS repository but they don't pose any security risks since they can only be triggered by a malicious commandline which can only be constructed by root who doesn't need to use an exploit to gain root access anymore.

Referenced as Bug#246535.

News

2014-10-06 New version 1.5.1 released more2007-07-29 New version 1.5 released more2001-03-11 New version 1.4.1 released more

Download

Version 1.5 (84 kB)
Version 1.5.1 (87 kB)
Version 1.4.1 (79 kB)
Version 1.4.0 (80 kB)

Contributors

Martin Schulze
Greg Wettstein
Herbert Thielen
Christopher C Chimelis
Florian La Roche

sysklogd

Security Reports

CVE-2000-0867

CVE-2001-0738

MDKSA-2004:038