From CVE request at $URL:
Gregor Kopf of Recurity Labs GmbH found a double-free vulnerability in Logsurfer affecting the function prepare_exec(). The vulnerability is caused by an insufficient treatment of an error condition that is returned by the function get_word() when it is unable to correctly parse its input.
The following versions of logsurfer are affected:
Logsurfer 1.5b and previous versions
Logsurfer+ 1.7 and previous versions
A patch is available at http://logsurfer.git.sourceforge.net/git/gitweb.cgi?p=logsurfer/logsurfer;a=commit;h=07983748da9ea3d4954b80f02fed692fe21b1134
1.8 in cvs. please mark stable app-admin/logsurfer+-1.8.
Thanks. Arches, please test and mark stable:
=app-admin/logsurfer+-1.8
Target KEYWORDS="amd64 x86"
amd64; all ok but for archtester
    xen-tools # /etc/init.d/logsurfer stop
     * Stopping logsurfer ...
     * start-stop-daemon: fopen `/var/run/logsurfer.pid': No such file or directo [ ok ]
Do you call this a bug?
(In reply to comment #3)
> Do you call this a bug?
Yep, it does not create a pid file and the program is not running imho.
    amd64box ~ # /etc/init.d/logsurfer start
    logsurfer | * Caching service dependencies ... [ ok ]
    logsurfer | * Starting logsurfer ... [ ok ]
    amd64box ~ # ps aux | grep logs
    root 14997 0.0 0.0 6288 576 pts/0 S+ 23:47 0:00 grep --colour=auto logs
Ditto Agostino and Ian
sorry for delay. 1.8-r1 in cvs. Could you test it?
(In reply to comment #6)
> sorry for delay.
> 1.8-r1 in cvs. Could you test it?
    amd64box ~ # /etc/init.d/logsurfer start
    logsurfer | * Caching service dependencies ... [ ok ]
    logsurfer | * /var/run/logsurfer.pid: creating file
    logsurfer | * checkpath: correcting mode
    logsurfer | * /var/run/logsurfer.pid: correcting owner
    logsurfer | * Starting logsurfer ...
    logsurfer |error in match_not_regex of rule: BZh91AY&SY��&�_o߀P0|����������`��/`;��D�
    logsurfer |config error arround line 2: BZh91AY&SY��&�_o߀P0|����������`��/`;��D�
    logsurfer | * start-stop-daemon: failed to start `/usr/bin/logsurfer'
    logsurfer | * Failed to start logsurfer [ !! ]
    logsurfer | * ERROR: logsurfer failed to start
I guess that it has some compatibility issue between 1.7 and 1.8. Could you put your logsurfer.conf here?
Probably it is my bad; can you attach a valid conf here?
You can get some samples from upstream git tree.
    git clone git://logsurfer.git.sourceforge.net/gitroot/logsurfer/config-examples
http://logsurfer.git.sourceforge.net/git/gitweb.cgi?p=logsurfer/config-examples;a=summary
I actually used a blank logsurfer.conf
well, ok for me on amd64.
With this as my /etc/logsurfer.conf
    '.*' - - - 0 exec "/bin/echo $0"
Output to the console stalled about one out of five times, and upon ^C received:
    ^Cexiting program - please wait...
    dumping state to /dev/null
    sending timeout to contexts...
    cleaning up memory...
    *** glibc detected *** logsurfer: double free or corruption (fasttop): 0x0000000000613fa0 ***
    ======= Backtrace: =========
    /lib64/libc.so.6(+0x75916)[0x7fb170aa7916]
    /lib64/libc.so.6(cfree+0x6c)[0x7fb170aac7cc]
    logsurfer[0x403a95]
    logsurfer[0x403b87]
    /lib64/libc.so.6(+0x35960)[0x7fb170a67960]
    /lib64/libc.so.6(nanosleep+0x10)[0x7fb170ad64d0]
    /lib64/libc.so.6(sleep+0xdf)[0x7fb170ad637f]
    logsurfer[0x403bb6]
    logsurfer[0x404813]
    /lib64/libc.so.6(__libc_start_main+0xfd)[0x7fb170a53e9d]
    logsurfer[0x4018d9]
    Aborted
amd64: pass
Builds and runs fine on x86. Please mark stable for x86.
x86 stable
amd64 done. Thanks Agostino, Ian, Elijah and Michael
Thanks everyone. GLSA request filed.
This issue was resolved and addressed in GLSA 201201-04 at http://security.gentoo.org/glsa/glsa-201201-04.xml by GLSA coordinator Sean Amoss (ackle).
CVE-2011-3626 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3626): Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
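The bug class named in the CVE description above, as an added illustration that is not Logsurfer's code and not part of the original thread: a word parser fails on malformed input, the error path frees the words built so far, and a shared cleanup path frees them again unless the pointers are cleared. All names (next_word, build_argv, run_rule, tracked_free) are hypothetical, and tracked_free counts a repeated free instead of triggering one.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the bug class; none of this is Logsurfer source. */
static void *freed[16];               /* quarantine of released pointers */
static int nfreed, double_frees;

/* Stand-in for free(): a repeated pointer is counted instead of crashing. */
static void tracked_free(void *p) {
    for (int i = 0; p && i < nfreed; i++)
        if (freed[i] == p) { double_frees++; return; }
    if (p && nfreed < 16) freed[nfreed++] = p;
}

/* Copy the next bare or "quoted" word; NULL on an unterminated quote. */
static char *next_word(const char **src) {
    const char *s = *src, *e;
    if (*s == '"') { if (!(e = strchr(++s, '"'))) return NULL; }
    else e = s + strcspn(s, " ");
    char *w = calloc((size_t)(e - s) + 1, 1);
    if (w) memcpy(w, s, (size_t)(e - s));
    *src = (*e == '"') ? e + 1 : e;
    return w;
}

/* Split cmd into argv; on a parse error, release the words built so far. */
static int build_argv(const char *cmd, char **argv, int max, int hardened) {
    for (int n = 0; n < max; n++) {
        while (*cmd == ' ') cmd++;
        if (!*cmd) return n;
        if ((argv[n] = next_word(&cmd))) continue;
        for (int i = 0; i < n; i++) {
            tracked_free(argv[i]);
            if (hardened) argv[i] = NULL;  /* fix: leave no dangling pointer */
        }
        return -1;
    }
    return max;
}

/* Caller with one shared cleanup path; returns the number of double frees. */
int run_rule(const char *cmd, int hardened) {
    char *argv[8] = {0};
    nfreed = double_frees = 0;
    (void)build_argv(cmd, argv, 8, hardened);  /* error result not acted on */
    for (int i = 0; i < 8; i++) tracked_free(argv[i]);
    for (int i = 0; i < nfreed; i++) free(freed[i]);  /* real release, once */
    return double_frees;
}

int main(void) { return run_rule("/bin/echo \"unterminated", 1); }  /* exits 0 */
```

The input strings are constructed for the example; well-formed commands take the normal path and never reach the error-path free.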