Debian DSA-186-1 : log2mail - buffer overflow

critical Nessus Plugin ID 15023

Synopsis

The remote Debian host is missing a security-related update.

Description

Enrico Zini discovered a buffer overflow in log2mail, a daemon for watching logfiles and sending lines with matching patterns via mail.
The log2mail daemon is started upon system boot and runs as root. A specially crafted (remote) log message could overflow a static buffer, potentially leaving log2mail to execute arbitrary code as root.

Solution

Upgrade the log2mail package.

This problem has been fixed in version 0.2.5.1 the current stable distribution (woody) and in version 0.2.6-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a log2mail package.

See Also

http://www.debian.org/security/2002/dsa-186

Plugin Details

Severity: Critical

ID: 15023

File Name: debian_DSA-186.nasl

Version: 1.16

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:log2mail, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/1/2002

Reference Information

CVE: CVE-2002-1251

DSA: 186