[rsyslog] security issue in rsyslog
Rainer Gerhards
rgerhards at hq.adiscon.com
Mon Dec 1 17:08:05 CET 2008
The issue also exists in TCP mode, but analysis shows this is not a
trial fix. The design overlooked the situation. In theory, a whole new
access control feature would be needed. I am checking out if it is
possible to "just" enhance the interface. With the current netstreams
defined that should be possible. I am tempted to release the UDP-fixed
version and release the next version with the TCP fix. Feedback from
packagers is appreciated. The TCP fix may take a day or two, depending
on how smart a way I find.
Rainer
> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Monday, December 01, 2008 4:37 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] security issue in rsyslog
>
> ... and the patch will not work on all of these version, due to the
> introduction of the netstream driver functionality. Please note that
> anything older than current v3-stable is outdated, so the proper way
to
> replace the faulty code is to upgrade to the current v3-stable and
> apply
> the patch. I will also release a new v3-stable soon, hopefully today
> (but I'd like to conduct some more tests).
>
> Rainer
>
> > -----Original Message-----
> > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> > Sent: Monday, December 01, 2008 4:31 PM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] security issue in rsyslog
> >
> > I now clarified the affected versions. Affected are 3.12.2 and
above.
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> > > Sent: Monday, December 01, 2008 3:32 PM
> > > To: rsyslog-users
> > > Subject: Re: [rsyslog] security issue in rsyslog
> > >
> > > Hi all,
> > >
> > > this is patch for v3-stable:
> > >
> > >
> >
>
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=f0ddbed44c332391ae
> > > 6
> > > d9bbf6b07e2f06c4dd676
> > >
> > > I have not tried yet, but I think it will work on almost all other
> > > versions, too. I keep you posted on the progress.
> > >
> > > Rainer
> > >
> > > > -----Original Message-----
> > > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> > > > Sent: Monday, December 01, 2008 11:27 AM
> > > > To: rsyslog-users
> > > > Subject: Re: [rsyslog] security issue in rsyslog
> > > >
> > > > Version v2-stable is NOT vulnerable.
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > > > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> > > > > Sent: Monday, December 01, 2008 10:55 AM
> > > > > To: rsyslog-users
> > > > > Subject: [rsyslog] security issue in rsyslog
> > > > >
> > > > > Hi folks,
> > > > >
> > > > > thanks to a bug report, I found out that the $AllowedSender
> > > directive
> > > > > does not work in all releases. The bug in question is:
> > > > >
> > > > > http://bugzilla.adiscon.com/show_bug.cgi?id=111
> > > > >
> > > > > Im am currently working on the bug. Obviously, this can lead
to
> > > > > messages
> > > > > being received from systems that are not permitted so. As a
> work-
> > > > > around,
> > > > > proper firewalling should be set up on the vulnerable hosts.
> > Until
> > > > > further note, I would assume that all versions of rsyslog are
> > > > affected
> > > > > (I will provide more detail during my analysis).
> > > > >
> > > > > Thanks,
> > > > > Rainer
> > > > > _______________________________________________
> > > > > rsyslog mailing list
> > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > > http://www.rsyslog.com
> > > > _______________________________________________
> > > > rsyslog mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > http://www.rsyslog.com
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
More information about the rsyslog
mailing list