Date: Fri, 11 Mar 2011 17:17:48 +0300
From: Solar Designer <solar@...nwall.com>
To: Florian Zumbiehl <florz@...rz.de>
Cc: oss-security@...ts.openwall.com, Josh Bressers <bressers@...hat.com>,
    "Steven M. Christey" <coley@...us.mitre.org>, Stefan Fritsch <sf@...itsch.de>,
    Petr Uzel <petr.uzel@...e.cz>, Thomas Biege <thomas@...e.de>,
    Jan Kaluža <jkaluza@...hat.com>
Subject: Re: CVE Request -- logrotate -- nine issues

On Thu, Mar 10, 2011 at 10:32:43PM +0100, Florian Zumbiehl wrote:
> > > | However, I think that still #6 (shell injection) and #7 (logrotate
> > > | DoS with strange characters in file names) should be considered
> > > | vulnerabilities in logrotate: ...

[...]

> I was thinking more in the direction of an existing config that includes
> a wildcard and software that uses user input to construct file names
> that would be matched by that wildcard. An example of such software
> would be samba, which tends to create per-client-host log files named
> after those hosts. I don't have a clue whether samba could be made to
> include any shell meta characters (does it even do reverse lookups for
> that?), but I guess you get the idea.

This makes sense, and I agree that it's a reason for logrotate to treat
log filenames as potentially untrusted input.  It's probably also a
reason to get CVE ids assigned.

Thank you for explaining the attack vector here!

Alexander
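
The point agreed on above, that a wildcard-matched log filename is untrusted input, sketched in C as an added example (not part of the original message and not logrotate's code): a conservative name check, plus quoting for the case where the name has to be placed into a shell command line. The function names, the allowed-character policy and the sample names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy: bytes allowed in a log file name without quoting. */
static int is_plain_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || (c != 0 && strchr("._-/+,:@%", c));
}

/* Hypothetical helper: 1 if name is non-empty, cannot be taken for an
 * option, and consists only of plain bytes; 0 otherwise. */
int log_name_is_plain(const char *name)
{
    if (*name == '\0' || *name == '-')
        return 0;
    for (; *name; name++)
        if (!is_plain_char((unsigned char)*name))
            return 0;
    return 1;
}

/* Hypothetical helper: write name as one POSIX sh word, single-quoted,
 * with each ' replaced by '\''. Returns length written, -1 if out is too small. */
int sh_quote(const char *name, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen < 3)
        return -1;
    out[n++] = '\'';
    for (; *name; name++) {
        size_t need = (*name == '\'') ? 4 : 1;
        if (n + need + 2 > outlen)      /* keep room for closing ' and NUL */
            return -1;
        if (*name == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *name;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample names, as a wildcard such as log.* might match them. */
    const char *names[] = { "/var/log/samba/log.host1", "/var/log/samba/log.a;b",
                            "/var/log/samba/log.it's" };
    char buf[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (sh_quote(names[i], buf, sizeof buf) >= 0)
            printf("%-5s %s\n", log_name_is_plain(names[i]) ? "plain" : "FLAG", buf);
    return 0;
}
```

Passing the name as its own argv element to execv() avoids the shell altogether; quoting is the fallback when a command string is unavoidable.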