[Secure-testing-team] Bug#860052: can generate illegal and thus lost e-mail messages due to long lines

Paul Traina pst at debian-reportbug2017.st.pst.org
Mon Apr 10 20:59:39 UTC 2017 

Package: logcheck
Version: 1.3.18
Severity: important
Tags: security

[Note: I've tagged this with security because of the DoS potential,
where admins relying on logcheck can have their logs "lost" if someone
generates a long log message. Your choice whether you think it's
legitimate or not, but I am obligated to point it out.]

If a log line is generated that is >998 characters, logcheck will
generate an illegal (MUST in SMTP RFC is violated) e-mail message that
exim (and possibly other mailers) will choke on.

This was caused because we force mime-encode to use an encoding of 7bit
on the resultant logfiles.

That's fundamentally a mistake, as mime-encode is smart enough to
recognize that the encoding needs to be changed in cases where lines
have non-ascii characters or are too long, and will re-encode as
quoted-printable.

I can imagine, in days past, that this was a deliberate choice because
so many sysadmin types were using non-mime-compliant MUAs and wanted to
be able to simply cut and paste out of /bin/mailx output, but we don't
live in that universe and haven't for a couple of decades.

Dropping all log messages because of one overly-long-line is highly
problematic.

Fix:

Any place in `/usr/sbin/logcheck` where there is --enconding "7bit"
can simply be removed.  Let mime-encode do its job, it knows better than
logcheck what to do with the input data.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab120.16 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logcheck depends on:
ii  adduser                                    3.115
ii  cron [cron-daemon]                         3.0pl1-128+b1
ii  exim4-daemon-light [mail-transport-agent]  4.88-5
ii  lockfile-progs                             0.1.17+b1
ii  logtail                                    1.3.18
ii  mime-construct                             1.11+nmu2
ii  rsyslog [system-log-daemon]                8.24.0-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.18

Versions of packages logcheck suggests:
pn  syslog-summary  <none>

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: '/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: '/etc/logcheck/logcheck.logfiles'

-- no debconf information

More information about the Secure-testing-team mailing list