[Pkg-logwatch-general] r90 - in trunk: debian patches

Willi Mann willi-guest at alioth.debian.org
Wed Mar 2 12:17:46 UTC 2011


Author: willi-guest
Date: 2011-03-02 12:17:45 +0000 (Wed, 02 Mar 2011)
New Revision: 90

Added:
   trunk/patches/09-CVE-2011-1018.diff
Modified:
   trunk/debian/changelog
Log:
logwatch (7.3.6.cvs20090906-2) unstable; urgency=high

  * CVE-2011-1018: Remote code execution by combination of 
    - Logfile name by attacker's choice (e.g. samba log files) and
    - Missing sanitization of logfile names in system() call. 
    - fix by encapsulating logfile names in ' and disallowing '.
      Taken from upstream. 
    - closes: #615995


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2009-09-12 10:39:53 UTC (rev 89)
+++ trunk/debian/changelog	2011-03-02 12:17:45 UTC (rev 90)
@@ -1,3 +1,14 @@
+logwatch (7.3.6.cvs20090906-2) unstable; urgency=high
+
+  * CVE-2011-1018: Remote code execution by combination of 
+    - Logfile name by attacker's choice (e.g. samba log files) and
+    - Missing sanitization of logfile names in system() call. 
+    - fix by encapsulating logfile names in ' and disallowing '.
+      Taken from upstream. 
+    - closes: #615995
+
+ -- Willi Mann <willi at wm1.at>  Wed, 02 Mar 2011 08:57:07 +0100
+
 logwatch (7.3.6.cvs20090906-1) unstable; urgency=low
 
   * New CVS snapshot + postfix-logwatch 1.38.01

Added: trunk/patches/09-CVE-2011-1018.diff
===================================================================
--- trunk/patches/09-CVE-2011-1018.diff	                        (rev 0)
+++ trunk/patches/09-CVE-2011-1018.diff	2011-03-02 12:17:45 UTC (rev 90)
@@ -0,0 +1,53 @@
+diff -uNr logwatch-7.3.6.cvs20090906.b/scripts/logwatch.pl logwatch-7.3.6.cvs20090906/scripts/logwatch.pl
+--- logwatch-7.3.6.cvs20090906.b/scripts/logwatch.pl	2011-03-02 08:53:53.000000000 +0100
++++ logwatch-7.3.6.cvs20090906/scripts/logwatch.pl	2011-03-02 08:55:14.000000000 +0100
+@@ -738,6 +738,10 @@
+    my $DestFile =  $TempDir . $LogFile . "-archive";
+    my $Archive;
+    foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
++      if ($Archive =~ /'/) {
++         print "File $Archive has invalid embedded quotes.  File ignored.\n";
++	 next;
++      }
+       my $CheckTime;
+       # We need to find out what's the earliest log we need
+       my @time_t = TimeBuild();
+@@ -765,15 +769,15 @@
+       my @FileStat = stat($Archive);
+       if ($CheckTime <= ($FileStat[9])) {
+          if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) {
+-            my $arguments = "$Archive >> $DestFile";
++            my $arguments = "'${Archive}' >> $DestFile";
+             system("$Config{'pathtozcat'} $arguments") == 0
+                or die "system '$Config{'pathtozcat'} $arguments' failed: $?" 
+          } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) {
+-            my $arguments = "$Archive 2>/dev/null >> $DestFile";
++            my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
+             system("$Config{'pathtobzcat'} $arguments") == 0
+                or die "system '$Config{'pathtobzcat'} $arguments' failed: $?" 
+          } elsif ((-f "$Archive") && (-s "$Archive")) {
+-            my $arguments = "$Archive  >> $DestFile";
++            my $arguments = "'${Archive}'  >> $DestFile";
+             system("$Config{'pathtocat'} $arguments") == 0
+                or die "system '$Config{'pathtocat'} $arguments' failed: $?" 
+          } #End if/elsif existence
+@@ -785,6 +789,10 @@
+    foreach my $ThisFile (@FileList) {
+       #Existence check for files -mgt
+       next unless (-f $ThisFile);
++      if ($ThisFile =~ /'/) {
++         print "File $ThisFile has invalid embedded quotes.  File ignored.\n";
++	 next;
++      }
+       if (! -r $ThisFile) {
+          print "File $ThisFile is not readable.  Check permissions.";
+          if ($> != 0) {
+@@ -794,7 +802,7 @@
+          next;
+       }
+       #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt
+-      $FileText .= ($ThisFile . " ");
++      $FileText .= ("'" . $ThisFile . "' ");
+    } #End foreach ThisFile
+ 
+    # remove the ENV entries set by previous service




More information about the Pkg-logwatch-general mailing list