6 vulnerabilities in logrotate binary #533
Comments
@blu3sh0rk Thank you for reporting the issues! We prefer issues with potential security impact to be reported off the public issue tracker. In this specific case, it is not a big deal because Denial of Service (DoS) or Remote Code Execution (RCE) with logrotate is trivial if its config file is already under your control. That is, you can configure logrotate to execute whatever you want even if we fix all the issues you reported. Anyway, thank you for providing all the details and reproducers. We will have a look at how to make logrotate's code more robust.
Thanks @blu3sh0rk for finding and reporting these issues. Poc 0x02 seems to be an issue in the glob(3) implementation of glibc, since the man page does not mention any limitations on the supported input or offer a flag for secure operations on user controlled input. Do you mind reporting it against glibc?
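The maintainer's point above is that whoever can write logrotate's configuration can already make it run commands, so the control that matters is who can edit those files. As an added example (not part of this issue thread or of the logrotate project), this Python script audits a config file and everything it includes for untrusted owners, group/world write bits and script blocks; the function names and the constructed sample config are assumptions.

```python
import os
import stat
import tempfile

# Directives whose body logrotate runs through a shell, per logrotate(8).
SCRIPTS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

def audit(path, trusted_uids=frozenset({0}), seen=None):
    """Return (path, finding) pairs for a config file or directory and its includes."""
    seen = set() if seen is None else seen
    if os.path.realpath(path) in seen:          # guard against include loops
        return []
    seen.add(os.path.realpath(path))
    try:
        st = os.stat(path)
    except OSError as exc:
        return [(path, f"cannot stat: {exc.strerror}")]
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append((path, f"owner uid {st.st_uid} is not trusted"))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((path, "writable by group or others"))
    if stat.S_ISDIR(st.st_mode):                # include of a directory: audit each entry
        for name in sorted(os.listdir(path)):
            findings += audit(os.path.join(path, name), trusted_uids, seen)
    if not stat.S_ISREG(st.st_mode):
        return findings
    in_script = False
    with open(path, errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            words = line.split("#", 1)[0].split() or [""]
            if in_script:                       # inside a script body only endscript matters
                in_script = words[0] != "endscript"
            elif words[0] in SCRIPTS:
                in_script = True
                findings.append((path, f"line {lineno}: {words[0]} block runs shell commands"))
            elif words[0] == "include" and len(words) > 1:
                findings += audit(words[1], trusted_uids, seen)
    return findings

def demo():
    # Constructed sample config; the current uid stands in for root.
    drop_text = "/var/log/app.log {\n  postrotate\n    include x\n  endscript\n}\n"
    with tempfile.TemporaryDirectory() as d:
        main, drop = os.path.join(d, "logrotate.conf"), os.path.join(d, "app")
        for p, text, mode in ((drop, drop_text, 0o666), (main, f"weekly\ninclude {drop}\n", 0o644)):
            with open(p, "w") as fh:
                fh.write(text)
            os.chmod(p, mode)                   # 0o666 is the weak setting under test
        return [msg for _, msg in audit(main, {os.getuid()})]
```

On a real host, `audit("/etc/logrotate.conf")` with the default `trusted_uids` treats only root-owned files as trusted; every reported script block is a place where a config writer gets command execution.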
6 vulnerabilities in logrotate binary
We found 6 vulnerabilities in the logrotate binary, and logrotate is compiled with clang enabling ASAN.
Reproduction
Environment
OS: Ubuntu 20.04.5 LTS
Compiler: gcc version 9.4.0 or clang-12
version: commit c9e3cb069b85dd57b6747d6f6b5da6039fae5421
0x01 double-free in config.c:1846:31
poc1:https://github.com/GGb0ndQAQ/POC/blob/main/logrotate/poc1_double_free
IMPACT
Potentially causing DoS and RCE
0x02 stack-buffer-overflow in config.c:1826
poc2:https://github.com/GGb0ndQAQ/POC/blob/main/logrotate/poc2_stack_overflow
gdb backtrace
IMPACT
Potentially causing DoS or RCE
0x03 double free in config.c:503:5
poc3:https://github.com/GGb0ndQAQ/POC/blob/main/logrotate/poc3_double_free
IMPACT
Potentially causing DoS and RCE
0x04 segv in config.c:2093:32
poc4:https://github.com/GGb0ndQAQ/POC/blob/main/logrotate/poc4_segv
IMPACT
Potentially causing DoS
0x05 stack-buffer-overflow in logrotate.c:1836:20 in prerotateSingleLog
poc5:https://github.com/GGb0ndQAQ/POC/blob/main/logrotate/poc5_stack_overflow
IMPACT
Potentially causing DoS and RCE
0x06 stack-buffer-overflow in logrotate.c:1830:28 in prerotateSingleLog
poc6:https://github.com/GGb0ndQAQ/POC/blob/main/logrotate/poc6_stack_overflow
IMPACT
Potentially causing DoS and RCE