Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon, 08 Dec 2008 15:53:46 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: coley@...re.org
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request - rsyslog

Hello Steve,

  the following vulnerability has been recently reported
in rsyslog:

http://www.rsyslog.com/Article322.phtml

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508027
http://secunia.com/Advisories/32857/

Upstream patch:
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676

The reporter mentions:
"The versions affected are rsyslog 3.12.1 to 3.20.0, 4.1.0 and 4.1.1.    
 The v2-stable branch is not affected."

Although the v2-stable part is missing the plugins/imgssapi,imtcp,imudp
part of the patch, the affected 'clearAllowedSenders' function can be
found in syslogd.c 

 740 static void clearAllowedSenders (struct AllowedSenders *pAllow) {

and 'isAllowedSender' function from syslogd.c also lacks the check added
by the patch:
 
   1049 /* check if  a sender is allowed. The root of the the allowed sender.
   1050  * list must be proveded by the caller. As such, this function can be
   1051  * used to check both UDP and TCP allowed sender lists.
   1052  * returns 1, if the sender is allowed, 0 otherwise.
   1053  * rgerhards, 2005-09-26
   1054  */
   1055 int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost)
   1056 {
   1057         struct AllowedSenders *pAllow;
   1058 
   1059         assert(pFrom != NULL);
   1060                                   <- no "if(setAllowRoot(&pAllowRoot, pszType) != RS_RET_OK)" from the patch
   1061         if(pAllowRoot == NULL)
   1062                 return 1; /* checking disabled, everything is valid! */

so it is highly probable, rsyslog-2.0 is also affected by this issue (checking with the developers yet).

Could you please allocate a new CVE id for this issue?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ