Summary: | <app-admin/logsurfer+-1.8 Double-free Vulnerability (CVE-2011-3626) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sean Amoss (RETIRED) <ackle> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | matsuu |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2011/10/17/2 | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Sean Amoss (RETIRED)
2011-10-17 11:25:52 UTC
1.8 in cvs. Please mark stable app-admin/logsurfer+-1.8. Thanks.

Arches, please test and mark stable:
=app-admin/logsurfer+-1.8
Target KEYWORDS="amd64 x86"

amd64; all ok but for archtester

    xen-tools # /etc/init.d/logsurfer stop
     * Stopping logsurfer ...
     * start-stop-daemon: fopen `/var/run/logsurfer.pid': No such file or directo [ ok ]

Do you call this a bug?

(In reply to comment #3)
> Do you call this a bug?

Yep, it does not create a pid file and the program is not running imho.

    amd64box ~ # /etc/init.d/logsurfer start
    logsurfer | * Caching service dependencies ... [ ok ]
    logsurfer | * Starting logsurfer ... [ ok ]
    amd64box ~ # ps aux | grep logs
    root 14997 0.0 0.0 6288 576 pts/0 S+ 23:47 0:00 grep --colour=auto logs

Ditto Agostino and Ian

Sorry for delay.
1.8-r1 in cvs. Could you test it?

(In reply to comment #6)
> sorry for delay.
> 1.8-r1 in cvs. Could you test it?

    amd64box ~ # /etc/init.d/logsurfer start
    logsurfer | * Caching service dependencies ... [ ok ]
    logsurfer | * /var/run/logsurfer.pid: creating file
    logsurfer | * checkpath: correcting mode
    logsurfer | * /var/run/logsurfer.pid: correcting owner
    logsurfer | * Starting logsurfer ...
    logsurfer |error in match_not_regex of rule: BZh91AY&SY��&�_o߀P0|����������`��/`;��D�
    logsurfer |config error arround line 2: BZh91AY&SY��&�_o߀P0|����������`��/`;��D�
    logsurfer | * start-stop-daemon: failed to start `/usr/bin/logsurfer'
    logsurfer | * Failed to start logsurfer [ !! ]
    logsurfer | * ERROR: logsurfer failed to start

I guess that it has some compatibility issue between 1.7 and 1.8.
Could you put your logsurfer.conf here?

Probably is my bad, can you attach a valid conf here?

You can get some samples from upstream git tree.

    git clone git://logsurfer.git.sourceforge.net/gitroot/logsurfer/config-examples

http://logsurfer.git.sourceforge.net/git/gitweb.cgi?p=logsurfer/config-examples;a=summary

I actually used a blank logsurfer.conf

Well, ok for me on amd64.

With this as my /etc/logsurfer.conf

    '.*' - - - 0 exec "/bin/echo $0"

Output to the console stalled about one out of five times, and upon ^C received:

    ^Cexiting program - please wait...
    dumping state to /dev/null
    sending timeout to contexts...
    cleaning up memory...
    *** glibc detected *** logsurfer: double free or corruption (fasttop): 0x0000000000613fa0 ***
    ======= Backtrace: =========
    /lib64/libc.so.6(+0x75916)[0x7fb170aa7916]
    /lib64/libc.so.6(cfree+0x6c)[0x7fb170aac7cc]
    logsurfer[0x403a95]
    logsurfer[0x403b87]
    /lib64/libc.so.6(+0x35960)[0x7fb170a67960]
    /lib64/libc.so.6(nanosleep+0x10)[0x7fb170ad64d0]
    /lib64/libc.so.6(sleep+0xdf)[0x7fb170ad637f]
    logsurfer[0x403bb6]
    logsurfer[0x404813]
    /lib64/libc.so.6(__libc_start_main+0xfd)[0x7fb170a53e9d]
    logsurfer[0x4018d9]
    Aborted

amd64: pass

Builds and runs fine on x86. Please mark stable for x86.

x86 stable

amd64 done. Thanks Agostino, Ian, Elijah and Michael

Thanks everyone. GLSA request filed.

This issue was resolved and addressed in GLSA 201201-04 at http://security.gentoo.org/glsa/glsa-201201-04.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2011-3626 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3626): Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
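
The CVE text above places the double free in prepare_exec in src/exec.c, code this page does not show. The C below is an added illustration, not Logsurfer's code and not the upstream fix: it splits an exec-style action string into an argv and keeps a single owner for the allocation, so a parse failure followed by the caller's cleanup cannot free the same pointer twice. The names split_command, argv_release and count_args are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Logsurfer code: free once, then NULL the owner. */
void argv_release(char ***pv) {
    if (!pv || !*pv) return;
    for (char **p = *pv; *p; p++) free(*p);
    free(*pv);
    *pv = NULL;
}

/* Split cmd into a NULL-terminated argv; double quotes group words.
   On failure: returns -1, frees what it built, leaves *out NULL. */
int split_command(const char *cmd, char ***out) {
    size_t cap = strlen(cmd) / 2 + 2, n = 0;  /* max tokens + terminator */
    char **v = calloc(cap, sizeof *v);
    const char *s = cmd, *start, *end;
    *out = NULL;
    if (!v) return -1;
    for (;;) {
        while (*s == ' ' || *s == '\t') s++;
        if (!*s) break;
        if (*s == '"') {                       /* quoted word */
            start = ++s;
            end = strchr(s, '"');
            if (!end) { argv_release(&v); return -1; }  /* unterminated */
            s = end + 1;
        } else {                               /* bare word */
            start = s;
            while (*s && *s != ' ' && *s != '\t') s++;
            end = s;
        }
        v[n] = malloc((size_t)(end - start) + 1);
        if (!v[n]) { argv_release(&v); return -1; }
        memcpy(v[n], start, (size_t)(end - start));
        v[n++][end - start] = '\0';
    }
    *out = v;
    return 0;
}

/* Caller with unconditional cleanup; returns argc, or -1 on a bad command. */
int count_args(const char *cmd) {
    char **v = NULL;
    int n = -1;
    if (split_command(cmd, &v) == 0)
        for (n = 0; v[n]; n++) ;
    argv_release(&v);  /* safe on both paths: v is NULL after a failed split */
    return n;
}
```

Building a test binary with `-fsanitize=address` reports any remaining double free at the second `free()` call instead of relying on glibc's abort message.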