SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Logsurfer Vendors:   DFN-CERT
Logsurfer Log File Analysis Tool Buffer Overflow May Let Remote Users Crash the Application
SecurityTracker Alert ID:  1005358
SecurityTracker URL:  http://securitytracker.com/id/1005358
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 4 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.5a and prior versions
Description:   A buffer overflow vulnerability was reported in Logsurfer. A remote user may be able to cause the application to crash.

It is reported that there is an off-by-one buffer overflow in the context_action() function in context.c. A remote user may be able to cause the application to crash, depending on the system configuration. It is reported that only configurations using the "pipe" action are affected. The report indicates that there are no known exploits to execute arbitrary code, but this cannot be ruled out.

Also, the readcfg() function does not properly initialize a buffer used for the temporary storage of configuration lines, causing the system to use the wrong data as a configuration line.

The report credits Jonathan Heusser, Yonekawa Susumu, Gary L. Hennigan, and Miron Cuperman for reporting this flaw and developing a patch and Wolfgang Ley for providing comments.

Impact:   A remote user may be able to cause the application to crash.
Solution:   The vendor has released a fixed version (1.5b), available at:

ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/

Also, a patch is available from the above listed URL.

The verification checksums are provided:

a) pgp logsurfer-1.5b.tar.asc

pgp key "Jan Kohlrausch, DFN-CERT <kohlrausch@cert.dfn.de>" is required:

KeyID 0xA5DD03D1,
Key fingerprint = A2 55 1C 51 0A 30 3E 78 5B 40 DA B7 14 F7 C9 E8

b) Md5 checksum:

MD5 (logsurfer-1.5b.tar) = ade77bed7bc3c73fd26039e69c4937f4

Vendor URL:  www.cert.dfn.de/eng/logsurf/home.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  vulnerabilities in logsurfer


-----BEGIN PGP SIGNED MESSAGE-----


The program "logsurfer" was designed to monitor any text-based
logfiles on systems in realtime. For more informations about
logsurfer we refer to 

	http://www.cert.dfn.de/eng/logsurf/home.html

1. Affected software:

 All logsurfer versions including 1.5a and earlier. 

1. Problem:

Two vulnerabilities exist In logsurfer version 1.5a and earlier:

a) A off-by-one buffer overflow in the heap segment can occur in
   function context_action() in context.c. Dependent on the
   configuration and the memory management of the language runtime
   system this bug can lead to a crash of logsurfer. In detail, only
   configurations are affected which use the "pipe" action. 
   Although it cannot be ruled out that this vulnerability can be used
   to execute arbitrary code, we're not aware of any exploits to this.

b) A buffer used for the temporary storage of config lines is not
   properly initialized in function readcfg(). Dependent on the
   content of this buffer the function readline() incorrectly assumes
   that this is old data. This data is then used as a config line.


2. Solution:

We recommend to upgrade to logsurfer version 1.5b which is available
from the URL:

	ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/

In addition, a Patch is available from the URL stated above.

It is strongly recommended to prove the authenticity of the logsurfer
distribution using pgp and/or md5 checksum:

  a) pgp logsurfer-1.5b.tar.asc

  pgp key "Jan Kohlrausch, DFN-CERT <kohlrausch@cert.dfn.de>" is
  required:
 
     KeyID 0xA5DD03D1,
     Key fingerprint =  A2 55 1C 51 0A 30 3E 78  5B 40 DA B7 14 F7 C9 E8

  b) Md5 checksum:
  
	MD5 (logsurfer-1.5b.tar) = ade77bed7bc3c73fd26039e69c4937f4

credits: Jonathan Heusser, Yonekawa Susumu, Gary L. Hennigan, and
         Miron Cuperman for reporting the vulnerability and suplying a
         patch. In addition, we thank Wolfgang Ley for his
         constructive comments.


best regards,
	DFN-CERT

- -- 
DFN-CERT GmbH      |                   mailto:info@cert.dfn.de
Oberstr. 14b       |                   http://www.cert.dfn.de/
D-20144 Hamburg    |                 Phone: +49(40) 808077 555
Germany            |                   FAX: +49(40) 808077 556



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface

iQEVAgUBPZ3LF+I9ttyl3QPRAQGz6gf+PkD6rpksdjtGFTxDZH5bH+gbE6f4gCPG
xcvlsbj3E8KFg+0fNgwY55KyGXppupgAFXrEI3iwrjsARZYtpGqd77nf0l+rzq4/
Bmeqor3v+iXYE8+rBYnraaTbCbxURwuODEQIuGvKrhjg06JPCKlIrROVc7Q0ep6d
XBZfKYpFrZGrClUBBD/aZ5gFif64i/Vf1w1qSHn6NqFHbB3ZVSBOXH/SJge3P7Lv
I4tFliXT7XkyYvQO/f5kBf9i7+e8SX9ne74jJY9oOSJcs9HkX7jjyniYfy2VzvzM
L1i/22IoRft2BcT9g5UMzYoOv1N7GkT7dxRky1Ty3A0uLK/cD9KofA==
=/UcX
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC