
Bug 395709 (CVE-2011-4623)

Summary: <app-admin/rsyslog-5.8.5: integer signedness error while extending rsyslog possible DOS (CVE-2011-4623)
Product: Gentoo Security
Reporter: Michael Harrison <n0idx80>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: dev-zero, ultrabug
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=769822
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-12-22 19:07:01 UTC
An integer signedness error, leading to a heap-based buffer overflow, was found in
the way the imfile module of rsyslog, an enhanced system logging and kernel
message trapping daemon, processed text files larger than 64 KB. When the
imfile rsyslog module was enabled, a local attacker could use this flaw to
cause denial of service (rsyslogd daemon hang) via a specially-crafted message
to be logged.

Upstream bug report:
[1] http://bugzilla.adiscon.com/show_bug.cgi?id=221

Upstream patch:
[2] http://git.adiscon.com/?p=rsyslog.git;a=commit;h=6bad782f154b7f838c7371bf99c13f6dc4ec4101

Comment 1 Ultrabug gentoo-dev 2011-12-28 12:08:08 UTC
Hi, thanks for reporting this.

If I'm not mistaken this bug affects <app-admin/rsyslog-5.7.4

Note: none of the currently in-tree ebuilds are affected by this vulnerability.

Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-01-01 18:02:49 UTC
Thanks, Ultrabug. Am I correct to think this was first fixed for stable users in =app-admin/rsyslog-5.8.5?

GLSA Vote: yes.

Comment 3 Ultrabug gentoo-dev 2012-01-02 10:10:27 UTC
Yes Tim, I indeed remember it that way, thanks.

Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2012-03-06 00:56:55 UTC
Votes: YES. GLSA request filed.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-09-30 20:14:43 UTC
CVE-2011-4623 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4623):
  Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in
  the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x
  before 6.1.4 allows local users to cause a denial of service (daemon hang)
  via a large file, which triggers a heap-based buffer overflow.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 20:40:14 UTC
This issue was resolved and addressed in
 GLSA 201412-35 at http://security.gentoo.org/glsa/glsa-201412-35.xml
by GLSA coordinator Yury German (BlueKnight).
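
Added example, not part of the bug report and not rsyslog's code: a simplified model of the failure mode described above, where the size used to extend a heap buffer is computed in an integer type too small for the value, shown beside a checked version. The `strbuf` type, the function names, the 128-byte growth step and the 16-bit size variable are assumptions chosen to match the 64 KB threshold in the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GROW_STEP 128u /* constructed allocation increment */

/* Hypothetical growable buffer (not rsyslog's type); invariant: len <= cap. */
typedef struct { unsigned char *data; size_t cap, len; } strbuf;

/* Flawed: the new capacity is held in a 16-bit variable, so it wraps
 * modulo 65536 once the buffer has to grow past 64 KB. */
size_t next_cap_narrow(size_t cap, size_t need)
{
    uint16_t new_cap = (uint16_t)(cap + (need / GROW_STEP + 1) * GROW_STEP);
    return new_cap;
}

/* Hardened: full-width arithmetic with explicit overflow checks.
 * Returns 0 when the requested capacity cannot be represented. */
size_t next_cap_checked(size_t cap, size_t need)
{
    size_t steps = need / GROW_STEP + 1;
    if (steps > SIZE_MAX / GROW_STEP) return 0;
    size_t grow = steps * GROW_STEP;
    if (grow > SIZE_MAX - cap) return 0;
    return cap + grow;
}

/* Make room for `need` more bytes; returns 0 on success, -1 on failure. */
int strbuf_reserve(strbuf *sb, size_t need)
{
    if (need <= sb->cap - sb->len) return 0;
    size_t new_cap = next_cap_checked(sb->cap, need);
    if (new_cap == 0) return -1;
    unsigned char *p = realloc(sb->data, new_cap);
    if (p == NULL) return -1;
    sb->data = p;
    sb->cap = new_cap;
    return 0;
}

int main(void)
{
    /* Constructed case: 65408-byte buffer, 200 more bytes requested. */
    printf("narrow:  %zu\n", next_cap_narrow(65408, 200));
    printf("checked: %zu\n", next_cap_checked(65408, 200));
    return 0;
}
```

In the constructed case the narrow computation yields a capacity smaller than the data already held, which is how a later copy ends up writing past the end of the allocation.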