Bugtraq mailing list archives

vulnerabilities in logsurfer
From: Jan Kohlrausch <kohlrausch () cert dfn de>
Date: Fri, 4 Oct 2002 19:09:11 +0200 (MEST)


The program "logsurfer" was designed to monitor any text-based
logfiles on systems in realtime. For more information about
logsurfer we refer to 


1. Affected software:

 All logsurfer versions including 1.5a and earlier. 

1. Problem:

Two vulnerabilities exist in logsurfer version 1.5a and earlier:

a) An off-by-one buffer overflow in the heap segment can occur in
   function context_action() in context.c. Depending on the
   configuration and the memory management of the language runtime
   system this bug can lead to a crash of logsurfer. In detail, only
   configurations which use the "pipe" action are affected.
   Although it cannot be ruled out that this vulnerability can be used
   to execute arbitrary code, we're not aware of any exploits for it.

b) A buffer used for the temporary storage of config lines is not
   properly initialized in function readcfg(). Depending on the
   content of this buffer the function readline() incorrectly assumes
   that this is old data. This data is then used as a config line.

2. Solution:

We recommend upgrading to logsurfer version 1.5b which is available
from the URL:


In addition, a patch is available from the URL stated above.

It is strongly recommended to verify the authenticity of the logsurfer
distribution using PGP and/or MD5 checksum:

  a) pgp logsurfer-1.5b.tar.asc

  pgp key "Jan Kohlrausch, DFN-CERT <kohlrausch () cert dfn de>" is
     KeyID 0xA5DD03D1,
     Key fingerprint =  A2 55 1C 51 0A 30 3E 78  5B 40 DA B7 14 F7 C9 E8

  b) MD5 checksum:
        MD5 (logsurfer-1.5b.tar) = ade77bed7bc3c73fd26039e69c4937f4

credits: Jonathan Heusser, Yonekawa Susumu, Gary L. Hennigan, and
         Miron Cuperman for reporting the vulnerability and supplying a
         patch. In addition, we thank Wolfgang Ley for his
         constructive comments.

best regards,

-- 
DFN-CERT GmbH      |                   mailto:info () cert dfn de
Oberstr. 14b       |                   http://www.cert.dfn.de/
D-20144 Hamburg    |                 Phone: +49(40) 808077 555
Germany            |                   FAX: +49(40) 808077 556
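
A minimal model of problem (b), added here as an illustration and not logsurfer's code: the reader read_cfg_line(), the helper first_line(), the buffer size and the sample strings are all hypothetical. It shows how a carry-over buffer that is never emptied makes leftover bytes come back as the first config line, and how initializing it avoids that.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSZ 128
/* Constructed stand-in for whatever bytes the allocator left in the buffer. */
#define STALE "stale-bytes-left-in-heap"

/* Hypothetical line reader: a non-empty carry buffer is taken to hold
 * "old data" from an earlier read and is returned before any new input. */
static int read_cfg_line(char *carry, const char **in, char *out)
{
    if (carry[0] == '\0') {              /* nothing pending: refill from input */
        if (**in == '\0') return 0;      /* end of config */
        size_t n = strcspn(*in, "\n");
        if (n >= BUFSZ) n = BUFSZ - 1;   /* never write past the buffer */
        memcpy(carry, *in, n);
        carry[n] = '\0';
        *in += n;
        if (**in == '\n') (*in)++;
    }
    strcpy(out, carry);                  /* pending data becomes the config line */
    carry[0] = '\0';
    return 1;
}

/* Stores in out the first "config line" the reader produces.
 * initialize=0 models the missing initialization, initialize=1 the fix. */
static void first_line(int initialize, const char *cfg, char *out)
{
    char *carry = malloc(BUFSZ);
    out[0] = '\0';
    if (carry == NULL) return;
    /* Reading truly uninitialized memory is undefined, so simulate it. */
    snprintf(carry, BUFSZ, "%s", STALE);
    if (initialize)
        carry[0] = '\0';                 /* start with an explicitly empty buffer */
    read_cfg_line(carry, &cfg, out);
    free(carry);
}

int main(void)
{
    char out[BUFSZ];
    const char *cfg = "'sshd.*failed' - - - 0 ignore\n";  /* constructed sample */
    first_line(0, cfg, out); printf("uninitialized: %s\n", out);
    first_line(1, cfg, out); printf("initialized:   %s\n", out);
    return 0;
}
```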
