ts-2024-008
Vulnerability from tailscale

Description: Partial loss of audit and network flow logs

What happened?

An integer overflow in our logs processing service caused some customer logs to be dropped non-deterministically, with a probability of 14%. The overflow condition first appeared on June 7th, 2024 at 20:45 UTC and was detected and resolved by June 14th, 2024 at 00:40 UTC.

Who was affected?

All tailnets that rely on audit and network flow logs have been affected.

What was the impact?

The 14% chance of dropped log entries affects the storage of logs such as configuration audit logs (https://tailscale.com/kb/1203/audit-logging) and network flow logs (https://tailscale.com/kb/1219/network-flow-logs). While logs can be retrieved for the timeframe in which the overflow bug was active, some fraction of the entries may be missing.

What do I need to do?

No action is needed at this time.

We fixed the bug, added additional error checking, and deployed both to the logs processing service.



{
  "guidislink": false,
  "id": "https://tailscale.com/security-bulletins/#ts-2024-008",
  "link": "https://tailscale.com/security-bulletins/#ts-2024-008",
  "links": [
    {
      "href": "https://tailscale.com/security-bulletins/#ts-2024-008",
      "rel": "alternate",
      "type": "text/html"
    }
  ],
  "published": "Fri, 14 Jun 2024 00:00:00 GMT",
  "title": "TS-2024-008",
  "title_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/plain",
    "value": "TS-2024-008"
  }
}

