Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 386014 Details for
Bug 524058
<app-admin/rsyslog-8.4.1, <app-admin/sysklogd-1.5.1: Remote syslog PRI vulnerability (CVE-2014-3634)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
app-admin/sysklogd-1.5-r4 ebuild
sysklogd-1.5-r4.diff (text/plain), 5.50 KB, created by
Thomas Deutschmann (RETIRED)
on 2014-10-03 23:00:08 UTC
(
hide
)
Description:
app-admin/sysklogd-1.5-r4 ebuild
Filename:
MIME Type:
Creator:
Thomas Deutschmann (RETIRED)
Created:
2014-10-03 23:00:08 UTC
Size:
5.50 KB
patch
obsolete
>diff -rupN old/app-admin/sysklogd/files/sysklogd-1.5_CVE-2014-3634.diff new/app-admin/sysklogd/files/sysklogd-1.5_CVE-2014-3634.diff >--- old/app-admin/sysklogd/files/sysklogd-1.5_CVE-2014-3634.diff 1970-01-01 01:00:00.000000000 +0100 >+++ new/app-admin/sysklogd/files/sysklogd-1.5_CVE-2014-3634.diff 2014-10-03 10:47:42.000000000 +0200 >@@ -0,0 +1,91 @@ >+From 43797330e75d7d4687b7ae6926a996c3c85c2679 Mon Sep 17 00:00:00 2001 >+From: mancha <mancha1 AT zoho DOT com> >+Date: Wed, 1 Oct 2014 >+Subject: CVE-2014-3634 >+ >+Rainer Gerhards, rsyslog project leader, discovered an issue in rsyslogd >+where invalid priority values can trigger DoS and potentially RCE. >+ >+As his analysis reveals, the cause of the problem identified in rsyslog's >+rsyslogd also exists in sysklogd's syslogd (from which rsyslogd was forked) >+and stems from the use of a (LOG_FACMASK|LOG_PRIMASK) mask to detect invalid >+priority values. >+ >+In sysklogd's syslogd, invalid priority values between 192 and 1023 (directly >+or arrived at via overflow wraparound) can propagate through code causing >+out-of-bounds access to the f_pmask array within the 'filed' structure by up >+to 104 bytes past its end. Though most likely insufficient to reach >+unallocated memory because there are around 544 bytes past f_pmask in 'filed' >+(mod packing and other differences), incorrect access of fields at higher >+positions of the 'filed' structure definition can cause unexpected behavior >+including message mis-classification, forwarding issues, message loss, >+or other. >+ >+This patch imposes a restriction on PRI message parts and requires they >+be properly-delimited priority value strings that have non-negative >+numerical values not exceeding 191. As before, sysklogd's syslogd permits >+zero padding to not break compatibility with RFC-non-compliant loggers that >+issue PRIs such as <0091>. Messages without well-formed PRI parts get >+logged with priority user.notice (13). (c.f. RFC 3164) >+ >+Thanks to Rainer Gerhards for the initial report and analysis. >+ >+[1] http://www.rsyslog.com/remote-syslog-pri-vulnerability/ >+[2] http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ >+ >+--- >+ syslogd.c | 25 +++++++++++++++++++------ >+ 1 file changed, 19 insertions(+), 6 deletions(-) >+ >+--- a/syslogd.c >++++ b/syslogd.c >+@@ -632,6 +632,8 @@ int funix[MAXFUNIX] = { -1, }; >+ #define TABLE_ALLPRI 0xFF /* Value to indicate all priorities in f_pmask */ >+ #define LOG_MARK LOG_MAKEPRI(LOG_NFACILITIES, 0) /* mark "facility" */ >+ >++#define MAX_PRI 191 /* Maximum Priority per RFC 3164 */ >++ >+ /* >+ * Flags to logmsg(). >+ */ >+@@ -1491,23 +1493,34 @@ void printline(hname, msg) >+ register char *p, *q; >+ register unsigned char c; >+ char line[MAXLINE + 1]; >+- int pri; >++ unsigned int pri; // Valid Priority values are 0-191 >++ int prilen=0; // Track Priority value string len >++ int msglen; >+ >+ /* test for special codes */ >++ msglen=strlen(msg); >+ pri = DEFUPRI; >+ p = msg; >+ >+ if (*p == '<') { >+ pri = 0; >+- while (isdigit(*++p)) >+- { >+- pri = 10 * pri + (*p - '0'); >++ while (--msglen > 0 && isdigit((unsigned char)*++p) && >++ pri <= MAX_PRI) { >++ pri = 10 * pri + (*p - '0'); >++ prilen++; >+ } >+- if (*p == '>') >++ if (*p == '>' && prilen) >+ ++p; >++ else { >++ pri = DEFUPRI; >++ p = msg; >++ } >+ } >+- if (pri &~ (LOG_FACMASK|LOG_PRIMASK)) >++ >++ if ((pri &~ (LOG_FACMASK|LOG_PRIMASK)) || (pri > MAX_PRI)) { >+ pri = DEFUPRI; >++ p = msg; >++ } >+ >+ memset (line, 0, sizeof(line)); >+ q = line; >diff -rupN old/app-admin/sysklogd/sysklogd-1.5-r4.ebuild new/app-admin/sysklogd/sysklogd-1.5-r4.ebuild >--- old/app-admin/sysklogd/sysklogd-1.5-r4.ebuild 1970-01-01 01:00:00.000000000 +0100 >+++ new/app-admin/sysklogd/sysklogd-1.5-r4.ebuild 2014-10-04 00:42:40.000000000 +0200 >@@ -0,0 +1,65 @@ >+# Copyright 1999-2014 Gentoo Foundation >+# Distributed under the terms of the GNU General Public License v2 >+# $Header: $ >+ >+EAPI="5" >+ >+inherit eutils flag-o-matic toolchain-funcs >+ >+DEB_VER="6" >+DESCRIPTION="Standard log daemons" >+HOMEPAGE="http://www.infodrom.org/projects/sysklogd/" >+SRC_URI="http://www.infodrom.org/projects/sysklogd/download/${P}.tar.gz >+ mirror://debian/pool/main/s/sysklogd/${PN}_${PV}-${DEB_VER}.diff.gz" >+ >+LICENSE="BSD" >+SLOT="0" >+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" >+IUSE="logrotate" >+RESTRICT="test" >+ >+DEPEND="" >+RDEPEND="dev-lang/perl >+ sys-apps/debianutils" >+ >+src_prepare() { >+ pushd "${WORKDIR}" >/dev/null >+ epatch "${WORKDIR}"/${PN}_${PV}-${DEB_VER}.diff >+ popd >/dev/null >+ >+ epatch "${FILESDIR}"/${P}-debian-cron.patch >+ epatch "${FILESDIR}"/${P}-build.patch >+ >+ # CAEN/OWL security patches >+ epatch "${FILESDIR}"/${PN}-1.4.2-caen-owl-syslogd-bind.diff >+ epatch "${FILESDIR}"/${PN}-1.4.2-caen-owl-syslogd-drop-root.diff >+ epatch "${FILESDIR}"/${PN}-1.4.2-caen-owl-klogd-drop-root.diff >+ >+ epatch "${FILESDIR}"/${P}-syslog-func-collision.patch #342601 >+ >+ epatch "${FILESDIR}"/${P}_CVE-2014-3634.diff >+} >+ >+src_configure() { >+ append-lfs-flags >+ tc-export CC >+} >+ >+src_install() { >+ dosbin syslogd klogd debian/syslog-facility debian/syslogd-listfiles >+ doman *.[1-9] debian/syslogd-listfiles.8 >+ insinto /etc >+ doins debian/syslog.conf >+ if use logrotate ; then >+ insinto /etc/logrotate.d >+ newins "${FILESDIR}"/sysklogd.logrotate sysklogd >+ else >+ exeinto /etc/cron.daily >+ newexe debian/cron.daily syslog >+ exeinto /etc/cron.weekly >+ newexe debian/cron.weekly syslog >+ fi >+ dodoc ANNOUNCE CHANGES NEWS README.1st README.linux >+ newinitd "${FILESDIR}"/sysklogd.rc7 sysklogd >+ newconfd "${FILESDIR}"/sysklogd.confd sysklogd >+}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=386014">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 524058
: 386014
