Title: Michael Krax log2mail Remote Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
The log2mail daemon is a small utility used to watch logfiles and send mail when specified patterns are matched. It is available for Linux and Unix operating systems.
Typically, the log2mail daemon is invoked by init scripts during the boot process and runs with root privileges.
A remotely exploitable buffer overflow has been discovered in the log2mail daemon. By generating malicious log entries, it is possible for a remote attacker to cause a static buffer to be overrun, resulting in memory corruption.
By exploiting this vulnerability, it may be possible to overwrite sensitive memory variables with attacker-supplied values, resulting in the execution of arbitrary code with the privileges of the daemon.
This vulnerability was reported in log2mail v0.2.5. It is not yet known if this issue affects earlier versions.
Affected Products:
- Debian Linux 3.0.0
- Debian Linux 3.0.0 alpha
- Debian Linux 3.0.0 arm
- Debian Linux 3.0.0 hppa
- Debian Linux 3.0.0 ia-32
- Debian Linux 3.0.0 ia-64
- Debian Linux 3.0.0 m68k
- Debian Linux 3.0.0 mips
- Debian Linux 3.0.0 mipsel
- Debian Linux 3.0.0 ppc
- Debian Linux 3.0.0 s/390
- Debian Linux 3.0.0 sparc
- log2mail log2mail 0.2.5 .0
References:
- Enrico Zini: log2mail page