Caldera Systems Security Advisory: Security Problems with syslog/klogd | Linux Today

Caldera Systems Security Advisory: Security Problems with syslog/klogd

Written By
Web Webster
Web Webster
Sep 20, 2000

Date: Wed, 20 Sep 2000 09:12:23 +0200
From: Caldera Systems Security support@PHOENIX.CALDERASYSTEMS.COM

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [CSSA-2000-032.0] Security Problems with syslog/klogd


                   Caldera Systems, Inc.  Security Advisory

Subject:                Security problems in syslogd/klogd
Advisory number:        CSSA-2000-032.0
Issue date:             2000 September, 19
Cross reference:

1. Problem Description

Several problems have been discovered in syslogd and klogd, the
daemon programs responsible for system logging on Linux.

– There is a format bug in klogd.
– There is a single byte buffer overflow in syslogd.
– When given long messages, syslogd broadcasts the message to all
users currently logged in.

There are no known exploits yet, but the first two bugs could
lead to a root compromise.

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        All packages previous to
                                sysklogd-1.4-2

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       sysklogd-1.4-2

   OpenLinux eDesktop 2.4       All packages previous to
                                sysklogd-1.4-2

3. Solution

Workaround:

None known. The proper solution is to upgrade to the fixed
packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

211046a507762511c45d31712bfb2485
RPMS/sysklogd-1.4-2.i386.rpm
6752f208b1f24904e70e170540d83dea SRPMS/sysklogd-1.4-2.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv sysklogd-1.4-2.i386.rpm

Stop and restart the syslog service using

          /etc/rc.d/init.d/syslog stop
          /etc/rc.d/init.d/syslog start

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

39c86b8264cbfe9f30cfbbd1ff197f4c
RPMS/sysklogd-1.4-2.i386.rpm
6752f208b1f24904e70e170540d83dea SRPMS/sysklogd-1.4-2.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv sysklogd-1.4-2.i386.rpm

Stop and restart the syslog service using

/etc/rc.d/init.d/syslog stop /etc/rc.d/init.d/syslog start

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

db9028cb2eb7430368ad1fcf3c4a457b
RPMS/sysklogd-1.4-2.i386.rpm
6752f208b1f24904e70e170540d83dea SRPMS/sysklogd-1.4-2.src.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv sysklogd-1.4-2.i386.rpm

Stop and restart the syslog service using

/etc/rc.d/init.d/syslog stop /etc/rc.d/init.d/syslog start

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera’s internal Problem Report
7693.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.

9. Acknowledgements

Caldera Systems, Inc. wishes to thank the following people

           Jouko Pynnönen of Online Solutions, Finland
           Solar Designer
           Daniel Jacobowski of Debian
           Martin Schulze, sysklogd maintainer

    for discovering and/or fixing these bugs.
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.