Bug#: 161882
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Attachment: bug-229970_ulogd-1.23-strfix.dif (patch, 26.93 KB), created by Sune Kloppenborg Jeppesen, 2007-01-13 11:39 0000

Description:   Opened: 2007-01-13 11:37 0000
SUSE patched ulogd buffer handling etc. Haven't had time to look at the bug so
I'm filing it under auditing for now.

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-01-13 11:39:41 0000 -------
Created an attachment (id=106787) [details]
bug-229970_ulogd-1.23-strfix.dif

SUSE patch.

------- Comment #2 From Raphael Marichez 2007-01-22 11:32:15 0000 -------
maintainer needed :(

Unknown impact.

------- Comment #3 From Matthias Geerdsen 2007-01-22 20:08:07 0000 -------
http://www.novell.com/linux/security/advisories/2007_01_sr.html

- ulogd potential buffer overflows
     The ulogd logging daemon was updated to fix a potential buffer
     overflow due to improper string length calculations.

     SUSE Linux 9.3 up to 10.1 and openSUSE 10.2 were affected and fixed.


http://secunia.com/advisories/23863/

Description:
A vulnerability with an unknown impact has been reported in ulogd.

The vulnerability is caused due to an unspecified error during the calculation
of string lengths and can potentially be exploited to cause a buffer overflow.

Solution:
Due to limited information about this issue, a proper solution cannot be
suggested.

------- Comment #4 From Matthias Geerdsen 2007-01-26 14:37:08 0000 -------
maintainer-needed mail sent to -dev

------- Comment #5 From Rob Clark 2007-01-26 21:34:05 0000 -------
I'd be prepared to pick up the package and get it patched up and committed. Won't
be done until Sunday/Monday (I'm moving house).

If someone else wants to jump in and do it instead, that's fine with me.

Cheers
-Rob

------- Comment #6 From Alec Warner 2007-02-05 17:42:35 0000 -------
1.24 is masked, 1.23-r1 with the fix will be in the tree in a few hours

------- Comment #7 From Alec Warner 2007-02-06 16:15:06 0000 -------
1.23-r1 is in the tree.

------- Comment #8 From Jakub Moc (RETIRED) 2007-02-07 09:05:46 0000 -------
(In reply to comment #7)
> 1.23-r1 is in the tree.

You didn't commit the patch so it fails... ;)

------- Comment #9 From Daniel Black 2007-02-07 09:21:15 0000 -------
patch is in the tree now too. Thanks analyzer on #gentoo-bugs for pointing it
out.

------- Comment #10 From Alec Warner 2007-02-07 17:56:24 0000 -------
(In reply to comment #8)
> (In reply to comment #7)
> > 1.23-r1 is in the tree.
> 
> You didn't commit the patch so it fails... ;)
> 

No, I put the patch on the mirrors but failed to modify the ebuild because the
patch is too big for the tree (>20k)

------- Comment #11 From Raphael Marichez 2007-02-10 22:25:54 0000 -------
(In reply to comment #10)

> No, I put the patch on the mirrors but failed to modify the ebuild because the
> patch is too big for the tree (>20k)
> 

Hello Antarus,

Does that work actually?

------- Comment #12 From Raphael Marichez 2007-03-03 13:31:40 0000 -------
Mmm, I can see that it has already been fixed in 1.23-r1 and already stable for
a while.

Security team, glsa? The description is very weak:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0460

------- Comment #13 From Matthias Geerdsen 2007-03-05 21:12:49 0000 -------
tending to vote yes

------- Comment #14 From Raphael Marichez 2007-03-09 22:32:25 0000 -------
security team please vote.

Personally, I really don't know if a GLSA would be useful...

------- Comment #15 From Pierre-Yves Rofes 2007-03-12 09:54:46 0000 -------
tending to vote no here.

------- Comment #16 From Matt Drew 2007-03-14 02:17:35 0000 -------
This thing is basically taking raw packets from iptables' ULOG target and
dumping them into a database, sorting by protocol type and a few other fields. 
In other words, direct unfiltered user input.  I suspect the vulnerability they
listed had to do with malformed packets causing the overflows.  It also looks
like this thing runs as root (I emerged it and checked - root process, at least
on my box), so I vote yes.

------- Comment #17 From Sune Kloppenborg Jeppesen 2007-03-14 07:34:25 0000 -------
I tend to vote YES as well.

------- Comment #18 From Raphael Marichez 2007-03-18 21:54:41 0000 -------
GLSA 200701-17, thanks everybody
