We're pleased to announce a bugfix release of sysklogd that fixes a
recently found vulnerability by Rainer Gerhards:
Many thanks to Rainer Gerhards, rsyslog project lead, for
identifying a problem with how rsyslog's rsyslogd and sysklogd's
syslogd check for invalid priority values (CVE-2014-3634). For details
please refer to Rainer's well-written issue description.
In sysklogd's syslogd, invalid priority values between 192 and 1023
(directly or arrived at via overflow wraparound) can propagate through
code causing out-of-bounds access to the f_pmask array within the
'filed' structure by up to 104 bytes past its end. Though most likely
insufficient to reach unallocated memory because there are around 544
bytes past f_pmask in 'filed' (mod packing and other differences),
incorrect access of fields at higher positions of the 'filed'
structure definition can cause unexpected behavior including message
mis-classification, forwarding issues, message loss, or other.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3634
Download:
http://www.infodrom.org/projects/sysklogd/download/sysklogd-1.5.1.tar.gz
-- Everybody talks about it, but nobody does anything about it! -- Mark TwainReceived on Mon Oct 06 2014 - 09:47:52 CEST
This archive was generated by hypermail 2.2.0 : Mon Oct 06 2014 - 09:57:06 CEST