Summary: | <app-admin/rsyslog-5.8.5 Malformed TAG DoS (CVE-2011-3200) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | dev-zero, ultrabug
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://secunia.com/advisories/45848/ | |
Whiteboard: | B3 [noglsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 381909 | |
Bug Blocks: | | |

Description
Agostino Sarubbo
2011-09-03 00:44:37 UTC
5.8.5 is available, please bump =)

http://www.rsyslog.com/potential-dos-with-malformed-tag/ states the impact is DoS. Code execution is not possible.

Thank you Agostino, I have bumped rsyslog to latest version and removed the useless 5.8.1 vulnerable version.

+*rsyslog-5.8.5 (05 Sep 2011) + + 05 Sep 2011; Ultrabug <ultrabug@gentoo.org> files/5-stable/rsyslog.initd, + -rsyslog-5.8.1.ebuild, +rsyslog-5.8.5.ebuild, metadata.xml: + Init script handles baselayout 1 & 2, fix #373913 thanks to Martin Dummer for + reporting. Version bump wrt #381637 and drop old vulnerable version. Add + optional zeromq support to rsyslog. +

Next steps proposed:

- ask for 5.8.3 stabilization so we can remove 5.6.5
- wait one month and stabilize 5.8.5

Are you okay with this?

Thanks Alexys,

(In reply to comment #3)
> Next steps proposed :
>
> - ask for 5.8.3 stabilization so we can remove 5.6.5
> - wait one month and stabilize 5.8.5
>
> Are you okay with this ?

No, we now stabilize the version not affected by the CVE (as usual).

Arches, please test and mark stable:
=app-admin/rsyslog-5.8.5
target KEYWORDS : "amd64 hppa x86"

@maintainer the ebuild seems to have different problems, so not all are blockers. Please check:

bug 381901
bug 381903
bug 381905
bug 381907
bug 381909
bug 381911

All fixed, thanks again Ago.

(In reply to comment #6)
> All fixed, thanks again Ago.

Thanks.

amd64 perfect now.

+ 05 Sep 2011; Tony Vroon <chainsaw@gentoo.org> rsyslog-5.8.5.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in bug + #381637.

Archtested on x86: Everything fine

Stable for HPPA.

Cannot emerge 5.8.5 from stage3, pkgconfig dependency is missing:

...
checking for FSSTND support... yes
/var/tmp/portage/app-admin/rsyslog-5.8.5/work/rsyslog-5.8.5/configure: line 16014: syntax error near unexpected token `GNUTLS,'
/var/tmp/portage/app-admin/rsyslog-5.8.5/work/rsyslog-5.8.5/configure: line 16014: ` PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0)'
!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/app-admin/rsyslog-5.8.5/work/rsyslog-5.8.5/config.log
* ERROR: app-admin/rsyslog-5.8.5 failed (configure phase):
* econf failed

Please open a new bug for this.

x86 stable, thanks JD

Thanks, folks. GLSA Vote: yes.

Thanks guys, old vulnerable versions removed fyi.

CVE-2011-3200 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3200): Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.

Vote: NO.

NO too, closing. Thanks everyone.