#13 special chracters in log file names break logwatch

closed
nobody
None
8
2011-02-19
2011-02-16
No

Special chracters are not masked in commands passed to sh from logwatch. This became obvious when a log file named log.3836jai)xoh) was created on our system by a Samba user maliciously logging in as 3836jai)xoh).

This broke logwatch:

sh: -c: line 0: syntax error near unexpected token `)'
sh: -c: line 0: `cat /var/log/samba/log. 4023 /var/log/sa ................

Obviously this also allows for remote command execution with root privileges, for that matter .... what about logging in as "; rm -rf /" ?

Discussion

  • Dominik George

    Dominik George - 2011-02-16

    Raised priority as this is a major security issue.

     
  • Dominik George

    Dominik George - 2011-02-16
    • priority: 5 --> 8
     
  • Bjorn

    Bjorn - 2011-02-19

    Proposed patch

     
  • Bjorn

    Bjorn - 2011-02-19

    Dominik,

    Can you patch your logwatch.pl executable with the attached patch, and let me know if it solves your problem?

     
  • Mike Tremaine

    Mike Tremaine - 2011-02-19
    • status: open --> closed
     
  • Mike Tremaine

    Mike Tremaine - 2011-02-19

    Bjorn's patch looks right to me. I patched my local server and it works. So I'll commit to svn and wait for someone to tell me it's broken.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks