| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Dec 2004 19:29:44 -0600 From: Michael Hampton <error10@...il.com> To: bugtraq@...urityfocus.com, room_citadel_development@...ensored.citadel.org Subject: Re: Citadel/UX <= v6.27 Remote Format String Vulnerability On 13 Dec 2004 00:06:42 -0000, CoKi <coki@...ystem.com.ar> wrote: > ------------------------------------------------- > No System Group - Advisory #09 - 12/12/04 > ------------------------------------------------- > Program: Citadel/UX > Homepage: http://www.citadel.org > Operating System: Linux and Unix-Compatible > Vulnerable Versions: Citadel/UX v6.27 and prior > Risk: High > Impact: Remote Format String Vulnerability The patch for this issue has been checked in to Citadel CVS and a release will be forthcoming shortly. Please do not run a production system from Citadel CVS as code may not always be stable. Sites which are unable to patch or upgrade may work around the issue by disabling system logging, and logging to a separate text file. To perform this action, remove the -l option from the citadel command line in /etc/inittab and replace it with a -t option specifying the text file to log to. Once complete, signal init to re-read the inittab (e.g. init q) and then restart the Citadel server. Example: cit1:2345:respawn:/usr/local/citadel/citserver -h/usr/local/citadel -x3 -t/var/log/citadel.log
Powered by blists - more mailing lists