[Pkg-logwatch-general] r90 - in trunk: debian patches
Willi Mann
willi-guest at alioth.debian.org
Wed Mar 2 12:17:46 UTC 2011
Author: willi-guest
Date: 2011-03-02 12:17:45 +0000 (Wed, 02 Mar 2011)
New Revision: 90
Added:
trunk/patches/09-CVE-2011-1018.diff
Modified:
trunk/debian/changelog
Log:
logwatch (7.3.6.cvs20090906-2) unstable; urgency=high
* CVE-2011-1018: Remote code execution by combination of
- Logfile name by attacker's choice (e.g. samba log files) and
- Missing sanitization of logfile names in system() call.
- fix by encapsulating logfile names in ' and disallowing '.
Taken from upstream.
- closes: #615995
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2009-09-12 10:39:53 UTC (rev 89)
+++ trunk/debian/changelog 2011-03-02 12:17:45 UTC (rev 90)
@@ -1,3 +1,14 @@
+logwatch (7.3.6.cvs20090906-2) unstable; urgency=high
+
+ * CVE-2011-1018: Remote code execution by combination of
+ - Logfile name by attacker's choice (e.g. samba log files) and
+ - Missing sanitization of logfile names in system() call.
+ - fix by encapsulating logfile names in ' and disallowing '.
+ Taken from upstream.
+ - closes: #615995
+
+ -- Willi Mann <willi at wm1.at> Wed, 02 Mar 2011 08:57:07 +0100
+
logwatch (7.3.6.cvs20090906-1) unstable; urgency=low
* New CVS snapshot + postfix-logwatch 1.38.01
Added: trunk/patches/09-CVE-2011-1018.diff
===================================================================
--- trunk/patches/09-CVE-2011-1018.diff (rev 0)
+++ trunk/patches/09-CVE-2011-1018.diff 2011-03-02 12:17:45 UTC (rev 90)
@@ -0,0 +1,53 @@
+diff -uNr logwatch-7.3.6.cvs20090906.b/scripts/logwatch.pl logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
+--- logwatch-7.3.6.cvs20090906.b/scripts/logwatch.pl 2011-03-02 08:53:53.000000000 +0100
++++ logwatch-7.3.6.cvs20090906/scripts/logwatch.pl 2011-03-02 08:55:14.000000000 +0100
+@@ -738,6 +738,10 @@
+ my $DestFile = $TempDir . $LogFile . "-archive";
+ my $Archive;
+ foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
++ if ($Archive =~ /'/) {
++ print "File $Archive has invalid embedded quotes. File ignored.\n";
++ next;
++ }
+ my $CheckTime;
+ # We need to find out what's the earliest log we need
+ my @time_t = TimeBuild();
+@@ -765,15 +769,15 @@
+ my @FileStat = stat($Archive);
+ if ($CheckTime <= ($FileStat[9])) {
+ if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) {
+- my $arguments = "$Archive >> $DestFile";
++ my $arguments = "'${Archive}' >> $DestFile";
+ system("$Config{'pathtozcat'} $arguments") == 0
+ or die "system '$Config{'pathtozcat'} $arguments' failed: $?"
+ } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) {
+- my $arguments = "$Archive 2>/dev/null >> $DestFile";
++ my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
+ system("$Config{'pathtobzcat'} $arguments") == 0
+ or die "system '$Config{'pathtobzcat'} $arguments' failed: $?"
+ } elsif ((-f "$Archive") && (-s "$Archive")) {
+- my $arguments = "$Archive >> $DestFile";
++ my $arguments = "'${Archive}' >> $DestFile";
+ system("$Config{'pathtocat'} $arguments") == 0
+ or die "system '$Config{'pathtocat'} $arguments' failed: $?"
+ } #End if/elsif existence
+@@ -785,6 +789,10 @@
+ foreach my $ThisFile (@FileList) {
+ #Existence check for files -mgt
+ next unless (-f $ThisFile);
++ if ($ThisFile =~ /'/) {
++ print "File $ThisFile has invalid embedded quotes. File ignored.\n";
++ next;
++ }
+ if (! -r $ThisFile) {
+ print "File $ThisFile is not readable. Check permissions.";
+ if ($> != 0) {
+@@ -794,7 +802,7 @@
+ next;
+ }
+ #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt
+- $FileText .= ($ThisFile . " ");
++ $FileText .= ("'" . $ThisFile . "' ");
+ } #End foreach ThisFile
+
+ # remove the ENV entries set by previous service
More information about the Pkg-logwatch-general
mailing list