CFEngine 3.7 flagged security problems


Todd Erwin

Sep 2, 2015, 2:27:50 PM
to help-cfengine
I found some security issues using one of the INDUSTRY STANDARD security checker tools and was wondering what the process was for getting these fixed?

Most of the issues are around buffer overflows; it seems that the use of old outdated functions can be some security concern.



This is a document that talks about them and ways to fix them. I have changed some of the code in 3.6 (was hoping 3.7 had fixed it, but it had the same code) and re-compiled it for our ENV and have removed the errors from the security tool; however, I'm not sure what NEGATIVE effect it would have down the road by creating LIMITS to these buffers?

It seems more plausible that this gets addressed by CFEngine since there are ~80 of these buffer overflows.

If someone could tell me how to proceed that would be awesome.

Todd.

Nick Anderson

Sep 2, 2015, 2:39:47 PM
to Todd Erwin, help-cfengine
Hi Todd,

Thanks for letting us know.

Please report security issues to secu...@cfengine.com

Eystein Måløy Stenberg

Sep 2, 2015, 11:14:25 PM
to Nick Anderson, Todd Erwin, help-cfengine
Just to not make everybody freak out: we are talking about possible buffer overflows here (e.g. it flags use of strcpy() instead of strlcpy()).

Such uses are bug-free if used correctly, but they can create bugs and in the utmost consequence security bugs if used carelessly (most of the time it will "just" be an occasional segfault, though).

So in order for it to be a security vulnerability, it must be a bug caused by this and it must be exploitable (e.g. privilege escalation, etc.).

There aren't any such known cases (not even bugs), but please let the team at secu...@cfengine.com know asap if you know about such a case. If you can provide the report you're looking at that might also help if you can't confirm any issue.
--

Eystein
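
An added example (not part of the thread and not CFEngine source) of the distinction discussed above: a length-checked strcpy(), and a bounded copy with strlcpy() semantics where truncation, one side effect of adding size limits to these buffers, is detected instead of silently accepted. The helper names and sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with strlcpy() semantics: copies at most dstsize-1
 * bytes, always NUL-terminates when dstsize > 0, and returns strlen(src).
 * A return value >= dstsize means the destination holds a truncated copy. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = (srclen < dstsize - 1) ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* strcpy() used correctly: the length is verified before the copy. */
static int checked_strcpy(char *dst, size_t dstsize, const char *src)
{
    if (strlen(src) >= dstsize)
        return -1;              /* would overflow dst: refuse the copy */
    strcpy(dst, src);
    return 0;
}

/* Bounded copy that reports truncation as an error, so the caller never
 * acts on a shortened value. Returns 0 on success, -1 on truncation. */
static int copy_or_fail(char *dst, size_t dstsize, const char *src)
{
    return bounded_copy(dst, src, dstsize) >= dstsize ? -1 : 0;
}

int main(void)
{
    char path[16];
    const char *fits = "/var/cfengine";                        /* constructed */
    const char *too_long = "/var/cfengine/inputs/promises.cf"; /* constructed */

    printf("fits: rc=%d\n", copy_or_fail(path, sizeof path, fits));
    int rc = copy_or_fail(path, sizeof path, too_long);
    /* No overflow occurred, but path now names a different file. */
    printf("too long: rc=%d, buffer holds '%s'\n", rc, path);
    printf("checked strcpy: rc=%d\n",
           checked_strcpy(path, sizeof path, too_long));
    return 0;
}
```

A bounded copy removes the memory-safety problem but can leave a shortened path or key in the buffer, so each converted call site needs a decision about what to do when the return value signals truncation.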