*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Jamie Strandboge 
(jdstrand):

Binary package hint: pads

In messages, I found discontiguous log entries like this:

Oct 12 22:43:27 xxxx  Found:  Port - 80 / Host - 209.67.233.146 / Service - www 
/ Application - Apache 2.0.46 (CentOS) [*] Asset Found:  Port - 80
 / Host - 38.98.19.125 / Service - www / Application - Apache 2.2.6 (Unix) [*] 
Asset Found:  Port - 80 / Host - 209.67.233.140 / Service - www / A
pplication - Apache [*] Asset Found:  Port - 80 / Host - 84.19.183.157 / 
Service - www / Application - Apache 1.3.33 (Debian GNU/Linux) [*] Asset
Found:  Port - 80 / Host - 64.34.180.144 / Service - www / Application - 
lighttpd/1.5.0 [*] Asset Found:  Port - 80 / Host - 80.157.151.28 / Service - 
www / Application - Apache [*] Asset Found:  Port - 80 / Host - 208.245.211.8 / 
Service - www / Application - Apache 2.2.3 (Debian) [*] Asset Found:  Port - 80 
/ Host - 80.157.151.17 / Service - www / Application - Apache [*] Asset Found:  
Port - 80 / Host - 80.157.151.42 / Service - www / Application - Apache [*] 
Asset Found:  Port - 80 / Host - 80.157.151.9 / Service - www / Application - 
Apache 1.3.37 (Unix) [*] Asset Found:  Port - 80 / Host - 8

These are produced while browsing websites. They are repeated at some
irregular interval, seemingly depending on the frequency of browsing
(e.g. discovering new assets, speaking pads terminology).

If you ever saw the assets.csv produced by package pads, it's obvious
that these entries come from that package.

The worrying thing is the discontiguous, incomplete and unexpected
nature of the entries. They don't start/end in a sensible manner (e.g.
aligned to field boundaries of the "real" pads log entries into
assets.csv), and entries following one another do not constitute a
complete "log" because parts are missing. This kind of log should not
exist anyway; I don't see any reason why this package produces any such
kind of /var/log/messages log entry, as the logged assets are correctly,
simultaneously and appropriately (=expectedly) logged in said
assets.csv as they should.

Conclusion: Something rather more disturbing than just some defective log entry 
might be going on, maybe memory corruption, some wrong function call or such.
Since this package is used in conjunction with networking auditing and runs on 
network capture files or promiscuous mode interfaces, it might be security 
relevant.

This is on a completely up to date hardy.
pads version = 1.2-7

** Affects: pads (Ubuntu)
     Importance: Undecided
         Status: New

-- 
defective log entries from pads in /var/log/messages
https://bugs.launchpad.net/bugs/282590
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
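
An added example, not part of the bug report or of the pads package: a Python check that scans syslog lines for the kind of record fragments the report describes. The record layout is inferred from the excerpt in the report, the sample lines are constructed, and the names `audit_payload` and `scan` are hypothetical.

```python
import re

# Layout inferred from the excerpt in the report (an assumption, not taken
# from the pads source): "[*] Asset Found:  Port - N / Host - IP / ...".
MARKER = "[*] "
SYSLOG = re.compile(r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ (?P<body>.*)$")
RECORD = re.compile(
    r"^Asset Found:\s+Port - (?P<port>\d{1,5}) / "
    r"Host - (?P<host>(?:\d{1,3}\.){3}\d{1,3}) / "
    r"Service - \S+ / Application - \S.*$"
)

def audit_payload(body):
    """Split one message body on the record marker and classify each piece.

    'headless'  = text before the first marker (start of a record is missing)
    'malformed' = marker present but fields missing, cut short or out of range
    'complete'  = all four fields present. A record cut inside the free-text
                  Application field still counts as complete; that case
                  cannot be told apart from the log line alone.
    """
    head, *pieces = body.split(MARKER)
    results = [("headless", head.strip())] if head.strip() else []
    for piece in pieces:
        text = piece.strip()
        m = RECORD.match(text)
        ok = (m is not None and int(m["port"]) <= 65535
              and all(int(o) <= 255 for o in m["host"].split(".")))
        results.append(("complete" if ok else "malformed", text))
    return results

def scan(lines):
    """Return (line_no, status, text) for every piece that is not complete."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = SYSLOG.match(line)
        if not m or "Port - " not in m["body"]:
            continue  # not syslog-shaped, or unrelated to asset records
        findings += [(no, s, t) for s, t in audit_payload(m["body"]) if s != "complete"]
    return findings

# Constructed sample lines (documentation addresses, made-up host name).
SAMPLE = [
    "Oct 12 22:43:27 host1  Found:  Port - 80 / Host - 192.0.2.10 / Service - www / Application - Apache [*] Asset Found:  Port - 80 / Host - 198.51.100.7 / Service - www / Application - lighttpd/1.5.0 [*] Asset Found:  Port - 80 / Host - 8",
    "Oct 12 22:43:30 host1 kernel: eth0: link up",
    "Oct 12 22:44:01 host1 [*] Asset Found:  Port - 443 / Host - 203.0.113.5 / Service - ssl / Application - Example TLS server",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```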
