VULNERABILITY

This sample contains the format string vulnerability CVE-2000-0867 from sysklogd 1.3.30. The flaw is found when the LogLine() function of klogd.c calls the Syslog() function in the same file. There are two calls.

COMPILING

    make clean
    make

TESTING

A test format string is hardcoded in the sample version of klogd.c, so you can verify that it's simple to read from the stack using a series of "%x" items in the format string. Constructing an exploit that writes to memory would be more difficult due to the static nature of the buffer.

    ./klogd
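
The call pattern described under VULNERABILITY, shown beside the usual correction of passing the message as data to a constant "%s" format. This is an added example, not code from sysklogd or from this sample. log_emit(), logline_vulnerable(), logline_fixed() and count_conversions() are hypothetical names, and the "%x" input is constructed to match the test string described under TESTING.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for klogd's Syslog(): formats into out. */
int log_emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Flawed pattern: the kernel message itself is the format string. */
int logline_vulnerable(char *out, size_t n, const char *line)
{
    return log_emit(out, n, line);
}

/* Fixed pattern: constant format, message passed as data. */
int logline_fixed(char *out, size_t n, const char *line)
{
    return log_emit(out, n, "%s", line);
}

/* Simplified audit helper: count conversion specs; "%%" is literal. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip escaped percent */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    const char *line = "%x %x %x %x";   /* constructed test input */
    char out[64];
    logline_fixed(out, sizeof out, line);
    printf("fixed: \"%s\" (%d specs)\n", out, count_conversions(line));
    return 0;
}
```

With the fixed form the "%x" items are logged verbatim, because the message is never interpreted as a format.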