Bug 697464 (CVE-2019-17041, CVE-2019-17042) - <app-admin/rsyslog-8.1910.0: multiple vulnerabilities (CVE-2019-{17041,17042})
Summary: <app-admin/rsyslog-8.1910.0: multiple vulnerabilities (CVE-2019-{17041,17042})
Status: IN_PROGRESS
Alias: CVE-2019-17041, CVE-2019-17042
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable]
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2019-10-10 22:26 UTC by GLSAMaker/CVETool Bot
Modified: 2019-11-03 13:54 UTC

See Also:
Package list:
app-admin/rsyslog-8.1910.0
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-10-10 22:26:57 UTC
CVE-2019-17041 (https://nvd.nist.gov/vuln/detail/CVE-2019-17041):
  An issue was discovered in Rsyslog v8.1908.0.
  contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the
  parser for AIX log messages. The parser tries to locate a log message
  delimiter (in this case, a space or a colon) but fails to account for
  strings that do not satisfy this constraint. If the string does not match,
  then the variable lenMsg will reach the value zero and will skip the sanity
  check that detects invalid log messages. The message will then be considered
  valid, and the parser will eat up the nonexistent colon delimiter. In doing
  so, it will decrement lenMsg, a signed integer, whose value was zero and now
  becomes minus one. The following step in the parser is to shift left the
  contents of the message. To do this, it will call memmove with the right
  pointers to the target and destination strings, but the lenMsg will now be
  interpreted as a huge value, causing a heap overflow.

CVE-2019-17042 (https://nvd.nist.gov/vuln/detail/CVE-2019-17042):
  An issue was discovered in Rsyslog v8.1908.0.
  contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for
  Cisco log messages. The parser tries to locate a log message delimiter (in
  this case, a space or a colon), but fails to account for strings that do not
  satisfy this constraint. If the string does not match, then the variable
  lenMsg will reach the value zero and will skip the sanity check that detects
  invalid log messages. The message will then be considered valid, and the
  parser will eat up the nonexistent colon delimiter. In doing so, it will
  decrement lenMsg, a signed integer, whose value was zero and now becomes
  minus one. The following step in the parser is to shift left the contents of
  the message. To do this, it will call memmove with the right pointers to the
  target and destination strings, but the lenMsg will now be interpreted as a
  huge value, causing a heap overflow.
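
The failure mode both CVE descriptions walk through, as an added example that is not part of this bug report and not rsyslog's source: a simplified model of the scan in which `lenMsg` goes from zero to minus one, next to a hardened form. The function names, the shape of the sanity check, and the sample strings are assumptions made for illustration; the flawed function only returns the length and never performs the copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the delimiter scan in the CVE text; not rsyslog's source.
 * Returns the signed length left after "eating" the colon, or -2 if the
 * sanity check rejects the message. It performs no copy itself. */
static int flawed_remaining(const char *msg, int lenMsg)
{
    const char *p = msg;
    while (lenMsg > 0 && *p != ' ' && *p != ':') { ++p; --lenMsg; }
    /* Assumed shape of the sanity check: it only runs while bytes remain,
     * so a message with no delimiter (lenMsg == 0) is not rejected. */
    if (lenMsg > 0 && *p != ':')
        return -2;
    --lenMsg;          /* 0 becomes -1 when no colon was there to eat */
    return lenMsg;     /* this value would be the memmove length */
}

/* Hardened form: reject when the scan runs out of bytes, keep lengths
 * unsigned, and only then shift the text after the colon to the front.
 * Returns the new length, or -1 if buf has no colon delimiter. */
static long strip_prefix(char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] != ' ' && buf[i] != ':') ++i;
    if (i == len || buf[i] != ':')
        return -1;                 /* no delimiter: nothing is decremented */
    size_t rest = len - i - 1;     /* cannot wrap, because i < len */
    memmove(buf, buf + i + 1, rest);
    buf[rest] = '\0';
    return (long)rest;
}

int main(void)
{
    char ok[] = "host: msg";          /* constructed sample inputs */
    char bad[] = "nodelimiter";
    int n = flawed_remaining(bad, (int)strlen(bad));
    printf("flawed length: %d, as size_t: %zu\n", n, (size_t)n);
    printf("hardened, no delimiter: %ld\n", strip_prefix(bad, strlen(bad)));
    printf("hardened, with colon: %ld -> \"%s\"\n",
           strip_prefix(ok, strlen(ok)), ok);
    return 0;
}
```
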
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-10-14 20:56:06 UTC
x86 stable
Comment 2 Piotr Karbowski gentoo-dev 2019-10-23 17:19:11 UTC
amd64 stable
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-11-03 13:54:43 UTC
arm stable