Bug 674984 - VUL-0: logwatch: Privilege escalation due improper sanitization of special characters in log file names
VUL-0: logwatch: Privilege escalation due improper sanitization of special ch...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:11.2:38972 maint:relea...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-02-25 09:05 UTC by Thomas Biege
Modified: 2011-03-30 12:44 UTC (History)
2 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2011-02-25 09:05:16 UTC
Hi.
There is a security bug in package 'logwatch'.

This information is from 'oss-security'.

This bug is public.

There is no coordinated release date (CRD) set.

CVE number: CVE-2011-1018
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1018
CVSS v2 Base Score: 8.5 (important) (AV:N/AC:M/Au:S/C:C/I:C/A:C)


Original posting:



CVE-2011-1018

----------  Weitergeleitete Nachricht  ----------

Betreff: [oss-security] CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names
Datum: Donnerstag 24 Februar 2011
Von: Jan Lieskovsky <jlieskov@redhat.com>
An: "Steven M. Christey" <coley@linus.mitre.org>

Hello Josh, Steve, vendors,

   a security flaw was found in the way logwatch, a log file
   analysis program, pre-processed log files, containing certain
   special characters in their names. A remote attacker could
   use this flaw to execute arbitrary code with the privileges
   of the privileged system user (root) by creating a
   specially-crafted log file, subsequently analyzed by the
   logwatch script.

   Upstream bug report:
   [1] http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824

   Related patch:
   [2] http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26

   Other references:
   [3] http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel
   [4] https://bugzilla.redhat.com/show_bug.cgi?id=680237

Could you allocate a CVE id for this issue?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

-------------------------------------------------------------
Comment 1 Philipp Thomas 2011-02-25 13:06:16 UTC
Fixed packages for 11.2, 11.3, factory, sle11 sp1, sle10 sp3 and sle10 sp4 submitted in SRs 62800, 62803, 162804, 10896, 10897 and 10898. Thomas, will you do the needed patchinfo?
Comment 2 Thomas Biege 2011-02-25 13:22:54 UTC
Yes, I will take care of the rest of the process. Thanks.
Comment 3 Swamp Workflow Management 2011-02-25 13:24:57 UTC
The SWAMPID for this issue is 38971.
This issue was rated as important.
Please submit fixed packages until 2011-03-04.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 11 Swamp Workflow Management 2011-03-30 07:12:36 UTC
Update released for: logwatch
Products:
openSUSE 11.2 (i586)
openSUSE 11.3 (i586)
Comment 12 Ludwig Nussel 2011-03-30 07:14:36 UTC
released
Comment 13 Swamp Workflow Management 2011-03-30 09:51:46 UTC
Update released for: logwatch
Products:
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Comment 14 Swamp Workflow Management 2011-03-30 09:58:15 UTC
Update released for: logwatch
Products:
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 15 Swamp Workflow Management 2011-03-30 10:07:25 UTC
Update released for: logwatch
Products:
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)