TS-2024-008

Vulnerability from tailscale - Published: Fri, 14 Jun 2024 00:00:00 GMT

Description: Partial loss of audit and network flow logs

What happened?

An integer overflow in our logs processing service led to some customer logs to be non-deterministically dropped with a probability of 14%. The overflow condition first exhibited on June 7th, 2024 at 20:45 UTC and was detected and resolved by June 14th, 2024 at 00:40 UTC.

Who was affected?

All tailnets that rely on audit and network flow logs have been affected.

What was the impact?

The 14% chance of dropped log entries affects storing of logs such as configuration audit logs and network flow logs. While logs can be retrieved for the timeframe that the overflow bug was active, some fraction of the entries may be missing.

What do I need to do?

No action is needed at this time.

We fixed the bug, added additional error checking, and deployed both to the logs processing service.

Show details on source website
To clipboard 

{
  "guidislink": false,
  "id": "https://tailscale.com/security-bulletins/#ts-2024-008",
  "link": "https://tailscale.com/security-bulletins/#ts-2024-008",
  "links": [
    {
      "href": "https://tailscale.com/security-bulletins/#ts-2024-008",
      "rel": "alternate",
      "type": "text/html"
    }
  ],
  "published": "Fri, 14 Jun 2024 00:00:00 GMT",
  "summary": "\u003cp\u003e\u003cstrong\u003e\u003cem\u003eDescription\u003c/em\u003e\u003c/strong\u003e: Partial loss of audit and network flow logs\u003c/p\u003e\n\u003ch5\u003eWhat happened?\u003c/h5\u003e\n\u003cp\u003eAn integer overflow in our logs processing service led to some customer logs\nto be non-deterministically dropped with a probability of 14%.\nThe overflow condition first exhibited on June 7th, 2024 at 20:45 UTC and\nwas detected and resolved by June 14th, 2024 at 00:40 UTC.\u003c/p\u003e\n\u003ch5\u003eWho was affected?\u003c/h5\u003e\n\u003cp\u003eAll tailnets that rely on audit and network flow logs have been affected.\u003c/p\u003e\n\u003ch5\u003eWhat was the impact?\u003c/h5\u003e\n\u003cp\u003eThe 14% chance of dropped log entries affects storing of logs such as\n\u003ca href=\"https://tailscale.com/kb/1203/audit-logging\"\u003econfiguration audit logs\u003c/a\u003e and\n\u003ca href=\"https://tailscale.com/kb/1219/network-flow-logs\"\u003enetwork flow logs\u003c/a\u003e.\nWhile logs can be retrieved for the timeframe that the overflow bug was active,\nsome fraction of the entries may be missing.\u003c/p\u003e\n\u003ch5\u003eWhat do I need to do?\u003c/h5\u003e\n\u003cp\u003eNo action is needed at this time.\u003c/p\u003e\n\u003cp\u003eWe fixed the bug, added additional error checking, and\ndeployed both to the logs processing service.\u003c/p\u003e",
  "summary_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/html",
    "value": "\u003cp\u003e\u003cstrong\u003e\u003cem\u003eDescription\u003c/em\u003e\u003c/strong\u003e: Partial loss of audit and network flow logs\u003c/p\u003e\n\u003ch5\u003eWhat happened?\u003c/h5\u003e\n\u003cp\u003eAn integer overflow in our logs processing service led to some customer logs\nto be non-deterministically dropped with a probability of 14%.\nThe overflow condition first exhibited on June 7th, 2024 at 20:45 UTC and\nwas detected and resolved by June 14th, 2024 at 00:40 UTC.\u003c/p\u003e\n\u003ch5\u003eWho was affected?\u003c/h5\u003e\n\u003cp\u003eAll tailnets that rely on audit and network flow logs have been affected.\u003c/p\u003e\n\u003ch5\u003eWhat was the impact?\u003c/h5\u003e\n\u003cp\u003eThe 14% chance of dropped log entries affects storing of logs such as\n\u003ca href=\"https://tailscale.com/kb/1203/audit-logging\"\u003econfiguration audit logs\u003c/a\u003e and\n\u003ca href=\"https://tailscale.com/kb/1219/network-flow-logs\"\u003enetwork flow logs\u003c/a\u003e.\nWhile logs can be retrieved for the timeframe that the overflow bug was active,\nsome fraction of the entries may be missing.\u003c/p\u003e\n\u003ch5\u003eWhat do I need to do?\u003c/h5\u003e\n\u003cp\u003eNo action is needed at this time.\u003c/p\u003e\n\u003cp\u003eWe fixed the bug, added additional error checking, and\ndeployed both to the logs processing service.\u003c/p\u003e"
  },
  "title": "TS-2024-008",
  "title_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/plain",
    "value": "TS-2024-008"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.