#include <infodrom.style>
#include <projects.style>
#include <addresses.inc>

<projectpg project="sysklogd" maxcontrib=5>

<h3>Security Reports</h3>

<h3><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0867">CVE-2000-0867</a></h3>

<p>Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.</p>

<p>Fixed in <a
href="http://cvs.infodrom.org/sysklogd/klogd.c.diff?r1=1.18&r2=1.19&cvsroot=infodrom">\
klogd.c</a>.</p>

<h3><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0738">CVE-2001-0738</a></h3>

<p>LogLine function in klogd in sysklogd 1.3 in various Linux
distributions allows an attacker to cause a denial of service (hang)
by causing null bytes to be placed in log messages.</p>

<p>Fixed in <a
href="http://cvs.infodrom.org/sysklogd/klogd.c.diff?r1=1.19&r2=1.20&cvsroot=infodrom">\
klogd.c</a>.</p>

<p>Referenced as <a href="http://www.kb.cert.org/vuls/id/249579">\
VU#249579</a> and <a
href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=85478">\
Bug#85478</a>.</p>

<h3><a href="http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:038">MDKSA-2004:038</a></h3>

<p>Steve Grubb discovered a bug in sysklogd where it allocates an
insufficient amount of memory which causes sysklogd to write to
unallocated memory.  This could allow for a malicious user to crash
sysklogd.</p>

<p>The updated packages provide a patched sysklogd using patches from
Openwall to correct the problem and also correct the use of an
uninitialized variable (a previous use of "count").</p>

<p>Both are genuine bugs and are fixed in the CVS repository, but they
don't pose any security risk: they can only be triggered by a
malicious command line, which can only be constructed by
<code>root</code>, who doesn't need an exploit to gain root
access.</p>

<p>Referenced as <a
href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=246535">\
Bug#246535</a>.</p>

</projectpg>
