oss-sec mailing list archives
Re: vulnerability in rsyslog
From: Solar Designer <solar () openwall com>
Date: Tue, 30 Sep 2014 20:28:03 +0400
On Tue, Sep 30, 2014 at 01:55:12PM +0200, Sven Kieske wrote:
I don't understand the following statement in the pri-vuln.txt in section "Patches": "Version 7.4.6, while no longer being project supported received a patch and is also not vulnerable." What was patched when this version is not vulnerable? Or do you mean it is not vulnerable after the patch got applied?
I think Rainer is not subscribed to oss-security. I've just added him to CC on this reply. Rainer - please address Sven's questions above.

All - please note that the bug is likely present in many other syslog services. It likely dates back all the way to Eric Allman's syslog, although I have not checked to make sure yet. pri-vuln.txt in the tarball attached to Rainer's message specifically mentions sysklogd as "mildly affected":

| Affected
| --------
| - rsyslog, most probably all versions (checked 5.8.6+)
| - sysklogd (checked most recent versions)
| - potentially others (see root cause)
[...]
| sysklogd
| ~~~~~~~~
| Sysklogd is mildly affected. Having a quick look at the current git master
| branch, the wrong action may be applied to messages with invalid facility.
|
| A segfault seems unlikely, as the maximum misaddressing is 104 bytes of the
| f_pmask table, which is always within properly allocated memory (albeit to
| wrong data items). This can lead to triggering invalid selector lines and
| thus wrongly writing to files or wrongly forwarding to other hosts.

Alexander
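The quoted pri-vuln.txt excerpt describes an invalid facility in a message's PRI header selecting the wrong entry of a per-facility table. The following C code is an added example, not taken from rsyslog, sysklogd or the original post, showing a PRI parser that range-checks the value before it is ever used as an index. Assumptions: 24 facilities (as `LOG_NFACILITIES` in `<syslog.h>`), a fallback PRI of 13 (user.notice), and the hypothetical names `parse_pri`, `selector_matches` and `mask`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFACILITIES 24                 /* facilities 0..23 (LOG_NFACILITIES in <syslog.h>) */
#define MAX_PRI (NFACILITIES * 8 - 1)  /* 191 = facility 23, severity 7 */
#define DEFAULT_PRI 13                 /* user.notice; fallback chosen for this example */

/* Parse a leading "<PRI>" header. Malformed or out-of-range headers yield
 * DEFAULT_PRI with *consumed == 0, leaving the raw header in the message. */
int parse_pri(const char *msg, size_t len, size_t *consumed)
{
    size_t i = 1;
    int pri = 0;
    *consumed = 0;
    if (len < 3 || msg[0] != '<')
        return DEFAULT_PRI;
    /* Accept at most three digits so the accumulator cannot overflow. */
    while (i < len && i <= 3 && msg[i] >= '0' && msg[i] <= '9')
        pri = pri * 10 + (msg[i++] - '0');
    if (i == 1 || i >= len || msg[i] != '>' || pri > MAX_PRI)
        return DEFAULT_PRI;
    *consumed = i + 1;
    return pri;
}

/* Per-facility severity bitmask lookup (hypothetical stand-in for a table such
 * as f_pmask). The index is re-checked so no caller can read past the table. */
int selector_matches(const uint8_t mask[NFACILITIES], int pri)
{
    int fac = pri >> 3, sev = pri & 7;
    if (pri < 0 || fac >= NFACILITIES)
        return 0;
    return (mask[fac] >> sev) & 1;
}

int main(void)
{
    const char *s[] = { "<13>su: session opened", "<201>forged facility" }; /* constructed */
    uint8_t mask[NFACILITIES] = { 0 };
    size_t n;
    mask[1] = 1u << 5;                 /* selector: user.notice only */
    for (int k = 0; k < 2; k++) {
        int pri = parse_pri(s[k], strlen(s[k]), &n);
        printf("%-24s pri=%d match=%d\n", s[k], pri, selector_matches(mask, pri));
    }
    return 0;
}
```

The second sample carries PRI 201 (facility 25), which the parser replaces with the fallback instead of letting it index the table.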