Bug 69243

Summary: logwatch goes wrong when it finds IPv6 addresses
Product: [Retired] Red Hat Linux Reporter: Pete Chown <2>
Component: logwatchAssignee: Elliot Lee <sopwith>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: athlon   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-07-19 15:09:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pete Chown 2002-07-19 15:09:16 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606

Description of problem:
When logwatch comes across a version 6 IP literal (ie the 1:2:3:4:5:6:7:8
format) it fails to parse it and gives an error message.  The message says that
something was not numeric, perhaps because it tried to split the address up by
searching for '.'.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Turn on IPv6 in /etc/sysconfig/network.  If there are no router
advertisements on your network you may need to configure an IPv6 address for
your machine manually.  You may also need to reboot in order for the settings to
take effect.

2. Ensure that sshd is running and listening on the IPv6 interface.  (This is
just an example, other services do it too.)

3. Use ssh to connect to the IPv6 interface.

4. Use logwatch to analyse the resulting log file entries.


Actual Results:  An error message was output saying that some text was not numeric.

Expected Results:  The IPv6 addresses should have been treated the same was as
IPv4 ones.

Additional info:

Although this bug cannot be used to gain unauthorised access, it reduces the
security of your machine.  Proper audit is an important security function.  For
this reason I am marking this bug as security- related.  At the same time, IMO,
this bug does not have the same priority as an exploitable security hole.
Comment 1 Elliot Lee 2002-07-19 15:26:12 UTC 

*** This bug has been marked as a duplicate of 62893 ***