Message-Id: <1228748026.3834.72.camel@dhcp-lab-164.englab.brq.redhat.com>
Date: Mon, 08 Dec 2008 15:53:46 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request - rsyslog

Hello Steve,

  the following vulnerability has been recently reported
in rsyslog:

http://www.rsyslog.com/Article322.phtml

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508027
http://secunia.com/Advisories/32857/

Upstream patch:
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676

The reporter mentions:
"The versions affected are rsyslog 3.12.1 to 3.20.0, 4.1.0 and 4.1.1.    
 The v2-stable branch is not affected."

Although the v2-stable part is missing the plugins/imgssapi,imtcp,imudp
part of the patch, the affected 'clearAllowedSenders' function can be
found in syslogd.c:

 740 static void clearAllowedSenders (struct AllowedSenders *pAllow) {

and the 'isAllowedSender' function from syslogd.c also lacks the check added
by the patch:
 
   1049 /* check if  a sender is allowed. The root of the the allowed sender.
   1050  * list must be proveded by the caller. As such, this function can be
   1051  * used to check both UDP and TCP allowed sender lists.
   1052  * returns 1, if the sender is allowed, 0 otherwise.
   1053  * rgerhards, 2005-09-26
   1054  */
   1055 int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost)
   1056 {
   1057         struct AllowedSenders *pAllow;
   1058 
   1059         assert(pFrom != NULL);
   1060                                   <- no "if(setAllowRoot(&pAllowRoot, pszType) != RS_RET_OK)" from the patch
   1061         if(pAllowRoot == NULL)
   1062                 return 1; /* checking disabled, everything is valid! */

so it is highly probable that rsyslog-2.0 is also affected by this issue (still checking with the developers).

Could you please allocate a new CVE id for this issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
