oss-sec mailing list archives
Re: CVE request: double-free vulnerability in logsurfer
From: Josh Bressers <bressers () redhat com>
Date: Tue, 18 Oct 2011 16:12:29 -0400 (EDT)
----- Original Message -----
Am 17.10.2011 12:07, schrieb Marcus Meissner:On Mon, Oct 17, 2011 at 12:02:29PM +0200, Timo Warns wrote:Gregor Kopf of Recurity Labs GmbH found a double-free vulnerability in Logsurfer affecting the function prepare_exec(). The vulnerability is caused by an insufficient treatment of an error condition that is returned by the function get_word() when it is unable to correctly parse its input. The following versions of logsurfer are affected: Logsurfer 1.5b and previous versions Logsurfer+ 1.7 and previous versions A patch is available at http://logsurfer.git.sourceforge.net/git/gitweb.cgi?p=logsurfer/logsurfer;a=commit;h=07983748da9ea3d4954b80f02fed692fe21b1134How can this be exploited? It seems to happen in the argument handling and I doubt an attacker can inject arguments?Logsurfer allows to use substrings of log-file entries as arguments for calling external commands. An attacker is able to exploit this vulnerability by injecting specially crafted strings into a log-file that is processed by logsurfer.
This sounds CVE worthy.
Please use CVE-2011-3626.
Thanks.
--
JB
Current thread:
- CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Josh Bressers (Oct 18)
- Re: CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner (Oct 17)