Hi Guido,

On 15.11.2013 12:46, Guido Günther wrote:
> Package: rsyslog-gssapi
> Version: 5.8.11-3
> Severity: critical
> tags: security
>
> Hi,
> I can DoS rsyslog with a simple telnet connect:
>
> rsyslog-gssapi configuration on foo.example.com is:
>
> $ModLoad imgssapi
> $InputGSSServerRun 1514
>
> Now when telnetting to port 1514 and simply waiting for the
> timeout like:
>
> # telnet foo.example.com 1514
> Connected to foo.example.com
> Escape character is '^]'.
> Connection closed by foreign host.
>
> /var/log/syslog on foo.example.com has:
>
> Nov 15 12:28:47 foo rsyslogd: TCP session 0x2550730 will be closed, error
> ignored
>
> and rsyslogd crashes like:
>
> 5487.317324670:7ff49169d700: poll returned with i 1, pUsr 0xf106f0
> 5487.317388061:7ff49169d700: New connect on NSD 0xf269d0.
> 5487.319769985:7ff49169d700: GSS-API Trying to accept TCP session 0xf06760
> 5488.321087177:7ff49169d700: Called LogError, msg: TCP session 0xf06760 will
> be closed, error ignored
> 5488.321207329:7ff49169d700: main Q: entry added, size now log 1, phys 1
> entries
> 5488.321250988:7ff49169d700: main Q: EnqueueMsg advised worker start
> 5488.321378952:7ff492ea0700: wti 0xf54e10: worker awoke from idle processing
> Segmentation fault (core dumped)
>
> The bt is not very helpful though:
>
> Core was generated by `/usr/sbin/rsyslogd -d -n'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x00007ff4936b5428 in ?? () from /usr/lib/rsyslog/lmtcpsrv.so
> (gdb) bt
> #0 0x00007ff4936b5428 in ?? () from /usr/lib/rsyslog/lmtcpsrv.so
> #1 0x000000000043ae66 in ?? ()
> #2 0x00007ff496056b50 in start_thread () from
> /lib/x86_64-linux-gnu/libpthread.so.0
> #3 0x00007ff495994a7d in clone () from /lib/x86_64-linux-gnu/libc.so.6
> #4 0x0000000000000000 in ?? ()
>
> Since this makes rsyslog-gssapi insecure on any public network I've
> flagged it as critical/security.

You mentioned that the current version in sid is not affected. Could you run a git bisect to find the fix for this issue? That would be greatly appreciated. I'm currently evaluating whether to do a stable upload or not. But for this I'd need a targeted patch.

--
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?

