[Bug 695240] Re: $AllowedSender directive is ignored
Simon Déziel
695240 at bugs.launchpad.net
Sat May 25 19:40:13 UTC 2013
This is fixed at least in Precise's package (rsyslog 5.8.6-1ubuntu8.2).
** Changed in: rsyslog (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/695240
Title:
$AllowedSender directive is ignored
Status in “rsyslog” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: rsyslog
Even though I have

    $AllowedSender TCP, 128.59.145.208, 128.59.147.205, 128.59.147.192,
    128.59.144.145

in /etc/rsyslog.conf, rsyslog happily accepts relp messages from
128.59.146.167.

The changelog mentions

    rsyslog (3.18.6-1) unstable; urgency=high

      * New upstream bugfix release.
        - Fix "$AllowedSender" security bypass vulnerability. The "$AllowedSender"
          configuration directive was not respected, allowing unrestricted network
          access to the application. Closes: #508027
          No CVE id yet.

So this looks like a regression.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: rsyslog 4.2.0-2ubuntu8.1
ProcVersionSignature: Ubuntu 2.6.32-27.49-server 2.6.32.26+drm33.12
Uname: Linux 2.6.32-27-server x86_64
Architecture: amd64
Date: Tue Dec 28 21:35:13 2010
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: rsyslog
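
Added example (not part of the original bug report or of rsyslog itself): a small audit check that parses legacy $AllowedSender lines and flags observed sender addresses that fall outside the list, so the allowlist can be verified independently of whether the daemon enforces it. The config excerpt and the observed-sender list are constructed from the addresses in the report; hostname and wildcard entries are assumed out of scope and skipped.

```python
import ipaddress

# Constructed excerpt: the addresses from the bug report, written on one line.
SAMPLE_CONF = """\
# /etc/rsyslog.conf (excerpt, constructed for this example)
$ModLoad imrelp
$AllowedSender TCP, 128.59.145.208, 128.59.147.205, 128.59.147.192, 128.59.144.145
"""

def parse_allowed_senders(conf_text):
    """Return {protocol: [ip_network, ...]} built from $AllowedSender lines."""
    allowed = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("$allowedsender"):
            continue
        fields = [f.strip() for f in line[len("$AllowedSender"):].split(",")]
        proto, entries = fields[0].upper(), fields[1:]
        for entry in entries:
            if not entry:
                continue
            # IPv6 entries are written as [addr]/bits; drop the brackets.
            entry = entry.replace("[", "").replace("]", "")
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                continue  # hostname or wildcard entry: not evaluated here
            allowed.setdefault(proto, []).append(net)
    return allowed

def is_allowed(allowed, proto, sender):
    """True if sender matches the list for proto; no list means no restriction."""
    nets = allowed.get(proto.upper())
    if not nets:
        return True
    addr = ipaddress.ip_address(sender)
    return any(addr in net for net in nets)

def unexpected_senders(allowed, proto, senders):
    """Sorted, de-duplicated senders that the allowlist should have rejected."""
    return sorted({s for s in senders if not is_allowed(allowed, proto, s)})

if __name__ == "__main__":
    acl = parse_allowed_senders(SAMPLE_CONF)
    observed = ["128.59.145.208", "128.59.146.167"]  # constructed sample
    print(unexpected_senders(acl, "TCP", observed))
```

Feeding it the source addresses actually seen in received logs or in a packet capture shows whether messages are arriving from hosts the directive was meant to exclude.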