Logwatch Secure Script Denial Of Service Vulnerability

BID:13273

Info

Bugtraq ID: 13273
Class: Input Validation Error
CVE: CVE-2005-1061
Remote: Yes
Local: Yes
Published: Apr 20 2005 12:00AM
Updated: Jul 12 2009 02:06PM
Credit: This issue was announced by Red Hat.
Vulnerable: LogWatch LogWatch 2.6
+ Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
+ Redhat Advanced Workstation for the Itanium Processor 2.1
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1
LogWatch LogWatch 2.5
LogWatch LogWatch 2.1.1
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2 alpha
Not Vulnerable:

Discussion

Logwatch is prone to a denial of service vulnerability in the secure script.

This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service condition. As a result, the utility may not detect subsequent malicious activity.

Exploit / POC

There is no exploit required.

The following example was provided to demonstrate how to reproduce the issue:

logger -p authpriv.notice '+++ connection closed by localhost +++'

Solution / Fix

Solution:
Red Hat has released fixes to address this issue on affected platforms. These fixes are available through the Red Hat Network and may be obtained by running the Red Hat Update Agent. Please see attached advisory RHSA-2005:364-06 for further details.
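
Until the fix is applied, a check like the following can flag authpriv log entries written by programs other than the expected authentication daemons, such as the logger entry in the reproduction example, so the Logwatch secure report for that period can be treated as possibly incomplete. This is an added example, not part of the original advisory or of Logwatch; the allowlist, the function names and the sample log lines are assumptions, and it assumes the traditional syslog line format.

```shell
#!/bin/sh
# Programs expected to write to the authpriv log on this host.
# Assumed list: adjust it to the daemons actually installed.
ALLOWED_TAGS="sshd su sudo login passwd useradd userdel groupadd xinetd crond"

# Reads traditional syslog lines ("Mon DD HH:MM:SS host tag[pid]: msg") on
# stdin and prints "lineno:tag:line" for each entry whose tag is not allowed.
flag_unexpected_tags() {
    awk -v allowed="$ALLOWED_TAGS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NF >= 5 {
            tag = $5
            sub(/:$/, "", tag)            # drop trailing colon
            sub(/\[[0-9]+\]$/, "", tag)   # drop optional [pid]
            sub(/\(.*\)$/, "", tag)       # drop PAM suffix such as (pam_unix)
            if (!(tag in ok)) printf "%d:%s:%s\n", NR, tag, $0
        }'
}

# Constructed sample of a secure log. Line 2 is what the logger command from
# the reproduction example produces when run by a local user named bob
# (logger tags the entry with the login name by default).
sample_log() {
    cat <<'EOF'
Apr 20 10:01:12 host1 sshd[2211]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Apr 20 10:02:40 host1 bob: +++ connection closed by localhost +++
Apr 20 10:03:05 host1 sshd[2290]: Failed password for root from 192.0.2.77 port 51515 ssh2
Apr 20 10:03:09 host1 su(pam_unix)[2301]: session opened for user root by alice(uid=500)
EOF
}

# Demo on the constructed sample; on a real host run:
#   flag_unexpected_tags < /var/log/secure
sample_log | flag_unexpected_tags
```

Entries after a flagged line should be reviewed by hand, since the secure script may not have reported them.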
