|Summary:||app-admin/ulogd: possible buffer overflow (SUSE security patch) (CVE-2007-0460)|
|Product:||Gentoo Security||Reporter:||Sune Kloppenborg Jeppesen <jaervosz>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||B? [glsa] Falco|
|Package list:||Runtime testing required:||---|
Description Sune Kloppenborg Jeppesen 2007-01-13 11:37:18 UTC
SUSE patched ulogd buffer handling etc. Haven't had time to look at the bug so I'm filing it under auditing for now.
Comment 1 Sune Kloppenborg Jeppesen 2007-01-13 11:39:41 UTC
Created attachment 106787: bug-229970_ulogd-1.23-strfix.dif
SUSE patch.
Comment 2 Raphael Marichez (Falco) (RETIRED) 2007-01-22 11:32:15 UTC
maintainer needed :( Unknown impact.
Comment 3 Matthias Geerdsen (RETIRED) 2007-01-22 20:08:07 UTC
http://www.novell.com/linux/security/advisories/2007_01_sr.html

- ulogd potential buffer overflows
The ulogd logging daemon was updated to fix a potential buffer overflow due to improper string length calculations. SUSE Linux 9.3 up to 10.1 and openSUSE 10.2 were affected and fixed.

http://secunia.com/advisories/23863/

Description: A vulnerability with an unknown impact has been reported in ulogd. The vulnerability is caused due to an unspecified error during the calculation of string lengths and can potentially be exploited to cause a buffer overflow.

Solution: Due to limited information about this issue, a proper solution cannot be suggested.
Comment 4 Matthias Geerdsen (RETIRED) 2007-01-26 14:37:08 UTC
maintainer-needed mail sent to -dev
Comment 5 Rob Clark 2007-01-26 21:34:05 UTC
I'd be prepared to pick up the package and get it patched up and committed. Won't be done until Sunday/Monday (I'm moving house). If someone else wants to jump in and do it instead that's fine with me.
Cheers
-Rob
Comment 6 Alec Warner 2007-02-05 17:42:35 UTC
1.24 is masked, 1.23-r1 with the fix will be in the tree in a few hours
Comment 7 Alec Warner 2007-02-06 16:15:06 UTC
1.23-r1 is in the tree.
Comment 8 Jakub Moc (RETIRED) 2007-02-07 09:05:46 UTC
(In reply to comment #7)
> 1.23-r1 is in the tree.

You didn't commit the patch so it fails... ;)
Comment 9 Daniel Black (RETIRED) 2007-02-07 09:21:15 UTC
patch is in the tree now too. Thanks analyzer on #gentoo-bugs for pointing it out.
Comment 10 Alec Warner 2007-02-07 17:56:24 UTC
(In reply to comment #8)
> (In reply to comment #7)
> > 1.23-r1 is in the tree.
>
> You didn't commit the patch so it fails... ;)

No, I put the patch on the mirrors but failed to modify the ebuild because the patch is too big for the tree (>20k)
Comment 11 Raphael Marichez (Falco) (RETIRED) 2007-02-10 22:25:54 UTC
(In reply to comment #10)
> No, I put the patch on the mirrors but failed to modify the ebuild because the
> patch is too big for the tree (>20k)

Hello Antarus,
Does that work actually?
Comment 12 Raphael Marichez (Falco) (RETIRED) 2007-03-03 13:31:40 UTC
Mmm, I can see that it has already been fixed in 1.23-r1 and already stable for a while. Security team, GLSA? The description is very weak: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0460
Comment 13 Matthias Geerdsen (RETIRED) 2007-03-05 21:12:49 UTC
tending to vote yes
Comment 14 Raphael Marichez (Falco) (RETIRED) 2007-03-09 22:32:25 UTC
Security team, please vote. Personally, I really don't know if a GLSA would be useful...
Comment 15 Pierre-Yves Rofes (RETIRED) 2007-03-12 09:54:46 UTC
tending to vote no here.
Comment 16 Matt Drew (RETIRED) 2007-03-14 02:17:35 UTC
This thing is basically taking raw packets from iptables' ULOG target and dumping them into a database, sorting by protocol type and a few other fields. In other words, direct unfiltered user input. I suspect the vulnerability they listed had to do with malformed packets causing the overflows. It also looks like this thing runs as root (I emerged it and checked - root process, at least on my box). So I vote yes.
Comment 17 Sune Kloppenborg Jeppesen 2007-03-14 07:34:25 UTC
I tend to vote YES as well.
Comment 18 Raphael Marichez (Falco) (RETIRED) 2007-03-18 21:54:41 UTC
GLSA 200701-17, thanks everybody