.------------------------------------------------.
|**** Project Independence Security Advisory ****|
`-----------* ID: PISA-21-NOV-99-004 *-----------'

Issued by:  David Webster
Issue Date: 21-NOV-99

Overview:   Denial of service attack in syslogd
Affected:   Independence Release 6.0-0.8 (Redhat 6.0)
References: RedHat Security Advisory; RHSA-1999:055-01
            Bugtraq id; #809

-=-=-==-=-=-

Detailed Problem Description:

The syslog daemon by default used unix domain stream sockets for
receiving local log connections. By opening a large number of
connections to the log daemon, the user could make the system
unresponsive.

Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the
vulnerability and providing patches.

Solution:

Update the affected RPM packages by downloading and installing the
RPMs listed below. For each RPM, run:

    root# rpm -Uvh

where is the name of the RPM.

[Note: You need only install EITHER the compiled RPM, (*.i386.rpm)
OR the source RPM, (*.src.rpm), NOT both.]

RPMs:
http://independence.seul.org/security/1999/rpms/sysklogd-1.3.31-14.i386.rpm
ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm

Source RPMs:
http://independence.seul.org/security/1999/rpms/sysklogd-1.3.31-14.src.rpm
ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm

Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
8e59b61b8b1a9356ea675d7234b801d8  i386/sysklogd-1.3.31-14.i386.rpm
55cc22adb6b3272ef23763e89309af24  SRPMS/sysklogd-1.3.31-14.src.rpm
--------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg

This security advisory, and all future ones, should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83
which is available from: [http://www.cognite.net/pgp.html], and most
good pgp key servers.

An archive of these messages can currently be found on:

    http://www.cognite.net/indy/

A process of automatic retrieval is being worked on.

[Note: these problems were discovered, and fixed by RedHat.]

.---------------------------------------------------.
| Any problems regarding this, or future advisories |
| should be emailed to me:                          |
`---------------------------------------------------'
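
Added example (not part of the original advisory, and not Red Hat's or
Project Independence's code): a monitoring check for the condition in the
Detailed Problem Description, counting connected unix domain stream sockets
on the syslog socket from text in the Linux /proc/net/unix layout. The
socket path /dev/log, the column meanings, the function names and the
sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): count connected stream sockets on
# the syslog socket, reading text in the Linux /proc/net/unix layout.
# Assumptions: socket path /dev/log; Type 0001 = SOCK_STREAM; St 03 = connected.

# count_stream_conns FILE [SOCKPATH] -> prints the number of connections
count_stream_conns() {
    awk -v path="${2:-/dev/log}" '
        # columns: Num RefCount Protocol Flags Type St Inode Path
        NR > 1 && $5 == "0001" && $6 == "03" && $8 == path { n++ }
        END { print n + 0 }
    ' "$1"
}

# check_syslog_conns FILE LIMIT -> returns 1 when the count exceeds LIMIT
check_syslog_conns() {
    n=$(count_stream_conns "$1")
    if [ "$n" -gt "$2" ]; then
        echo "WARN: $n stream connections to syslog socket (limit $2)"
        return 1
    fi
    echo "OK: $n stream connections to syslog socket"
}

# Constructed sample: one listener, three accepted connections, and
# unrelated sockets that must not be counted.
write_sample() {
    cat <<'EOF'
Num       RefCount Protocol Flags    Type St Inode Path
c1a2b000: 00000002 00000000 00010000 0001 01  1201 /dev/log
c1a2b400: 00000003 00000000 00000000 0001 03  1450 /dev/log
c1a2b800: 00000003 00000000 00000000 0001 03  1452 /dev/log
c1a2bc00: 00000003 00000000 00000000 0001 03  1460 /dev/log
c1a2c000: 00000003 00000000 00000000 0001 03  1451
c1a2c400: 00000003 00000000 00000000 0001 03  1500 /tmp/.X11-unix/X0
c1a2c800: 00000002 00000000 00000000 0002 01  1510 /tmp/example.dgram
EOF
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
write_sample > "$SAMPLE"
# On a live host, pass /proc/net/unix instead of the sample file.
check_syslog_conns "$SAMPLE" 2 || true
```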