
Bug 491856

Summary: <app-admin/rsyslog-7.2.7: remote DoS when imgssapi module is enabled
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: ultrabug
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1032572
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-11-21 11:57:23 UTC
From ${URL} :

The gssapi module in Rsyslog is found to be vulnerable to a DoS crash when telnetting to a remote port.

rsyslog-gssapi configuration on foo.example.com is:

    $ModLoad imgssapi
    $InputGSSServerRun 1514

Now the output result for the crash from the reporter seems to be like:

    # telnet foo.example.com 1514
    Connected to foo.example.com
    Escape character is '^]'.
    Connection closed by foreign host.

/var/log/syslog on foo.example.com has:

    Nov 15 12:28:47 foo rsyslogd: TCP session 0x2550730 will be closed, error ignored

and rsyslogd crashes like:

    5487.317324670:7ff49169d700: poll returned with i 1, pUsr 0xf106f0
    5487.317388061:7ff49169d700: New connect on NSD 0xf269d0.
    5487.319769985:7ff49169d700: GSS-API Trying to accept TCP session 0xf06760
    5488.321087177:7ff49169d700: Called LogError, msg: TCP session 0xf06760 will be closed, error ignored
    5488.321207329:7ff49169d700: main Q: entry added, size now log 1, phys 1 entries
    5488.321250988:7ff49169d700: main Q: EnqueueMsg advised worker start
    5488.321378952:7ff492ea0700: wti 0xf54e10: worker awoke from idle processing
    Segmentation fault (core dumped)

Program terminated with signal 11, Segmentation fault, which confirms the issue.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729658


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
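
An exposure check for the condition described above, added here as an example (not part of the bug report or of rsyslog): it flags a host only when the configuration both loads imgssapi and starts a GSS listener, and the installed version is below the 7.2.7 named in the summary. The function names, the sample config and the sample `rsyslogd -v` line are constructed; the `module(load="imgssapi")` form and the case-insensitive matching are assumptions that go beyond the legacy directives quoted in the report.

```python
import re

# Threshold taken from the bug summary (<app-admin/rsyslog-7.2.7); other
# distributions may have fixed the issue in different package versions.
FIXED_VERSION = (7, 2, 7)

# Constructed sample input, mirroring the configuration quoted in the report.
SAMPLE_CONF = """\
$ModLoad imuxsock
#$ModLoad imtcp
$ModLoad imgssapi        # GSS-API syslog listener
$InputGSSServerRun 1514
*.* /var/log/syslog
"""
SAMPLE_VERSION = "rsyslogd 7.2.6, compiled with:"  # constructed `rsyslogd -v` line

LEGACY_LOAD = re.compile(r'^\s*\$ModLoad\s+(?:\S*/)?imgssapi(?:\.so)?\s*$', re.I)
RAINER_LOAD = re.compile(r'^\s*module\s*\([^)]*\bload\s*=\s*"(?:[^"]*/)?imgssapi(?:\.so)?"', re.I)
LISTENER = re.compile(r'^\s*\$InputGSSServerRun\s+(\d+)\s*$', re.I)


def parse_version(text):
    """Return the first dotted x.y.z version in text as a tuple of ints."""
    m = re.search(r'(\d+)\.(\d+)\.(\d+)', text)
    if not m:
        raise ValueError("no version number found in %r" % text)
    return tuple(int(part) for part in m.groups())


def audit(conf_text, version_text):
    """Report whether this config starts an imgssapi listener on an affected version."""
    loaded, ports = False, []
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0]  # drop comments, including commented-out directives
        if LEGACY_LOAD.match(line) or RAINER_LOAD.match(line):
            loaded = True
        m = LISTENER.match(line)
        if m:
            ports.append(int(m.group(1)))
    affected = parse_version(version_text) < FIXED_VERSION
    return {"imgssapi_loaded": loaded, "gss_ports": ports,
            "version_affected": affected,
            "exposed": loaded and bool(ports) and affected}


if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_VERSION))
```

The check reads only the text it is given, so files pulled in through `$IncludeConfig` need to be concatenated into `conf_text` first.
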
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 20:40:22 UTC
This issue was resolved and addressed in
 GLSA 201412-35 at http://security.gentoo.org/glsa/glsa-201412-35.xml
by GLSA coordinator Yury German (BlueKnight).