Executive Summary
Summary | |
---|---|
Title | RSYSLOG: Denial of Service |
Information | |||
---|---|---|---|
Name | GLSA-201412-35 | First vendor Publication | 2014-12-24 |
Vendor | Gentoo | Last vendor Modification | 2014-12-24 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201412-35.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201412-35.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15456 | |||
Oval ID: | oval:org.mitre.oval:def:15456 | ||
Title: | USN-1338-1 -- Rsyslog vulnerability | ||
Description: | rsyslog: Enhanced syslogd Rsyslog could be made to crash if it processed a specially crafted log message. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1338-1 CVE-2011-4623 | Version: | 5 |
Platform(s): | Ubuntu 11.04 | Product(s): | Rsyslog |
Definition Id: oval:org.mitre.oval:def:21554 | |||
Oval ID: | oval:org.mitre.oval:def:21554 | ||
Title: | RHSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate) | ||
Description: | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0796-04 CESA-2012:0796 CVE-2011-4623 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:22990 | |||
Oval ID: | oval:org.mitre.oval:def:22990 | ||
Title: | ELSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate) | ||
Description: | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0796-04 CVE-2011-4623 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:26330 | |||
Oval ID: | oval:org.mitre.oval:def:26330 | ||
Title: | USN-2381-1 -- rsyslog vulnerabilities | ||
Description: | Rsyslog could be made to crash if it received specially crafted input. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2381-1 CVE-2014-3634 CVE-2014-3683 | Version: | 3 |
Platform(s): | Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:26767 | |||
Oval ID: | oval:org.mitre.oval:def:26767 | ||
Title: | RHSA-2014:1654: rsyslog7 security update (Important) | ||
Description: | The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1654-00 CVE-2014-3634 CESA-2014:1654 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | rsyslog7 |
Definition Id: oval:org.mitre.oval:def:26816 | |||
Oval ID: | oval:org.mitre.oval:def:26816 | ||
Title: | RHSA-2014:1671 -- rsyslog5 and rsyslog security update (Moderate) | ||
Description: | The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog5 and rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1671 CESA-2014:1671 CVE-2014-3634 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | rsyslog rsyslog5 |
Definition Id: oval:org.mitre.oval:def:27109 | |||
Oval ID: | oval:org.mitre.oval:def:27109 | ||
Title: | DSA-3040-1 rsyslog - security update | ||
Description: | Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3040-1 CVE-2014-3634 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:27159 | |||
Oval ID: | oval:org.mitre.oval:def:27159 | ||
Title: | RHSA-2014:1397: rsyslog security update (Important) | ||
Description: | The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1397-00 CESA-2014:1397 CVE-2014-3634 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:27164 | |||
Oval ID: | oval:org.mitre.oval:def:27164 | ||
Title: | DSA-3047-1 rsyslog - security update | ||
Description: | Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3047-1 CVE-2014-3683 CVE-2014-3634 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:27302 | |||
Oval ID: | oval:org.mitre.oval:def:27302 | ||
Title: | ELSA-2014-1654 -- rsyslog7 security update (important) | ||
Description: | [7.4.10-3] - fix CVE-2014-3634 resolves: #1149150 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1654 CVE-2014-3634 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | rsyslog7 |
Definition Id: oval:org.mitre.oval:def:27839 | |||
Oval ID: | oval:org.mitre.oval:def:27839 | ||
Title: | DEPRECATED: ELSA-2012-0796 -- rsyslog security, bug fix, and enhancement update (moderate) | ||
Description: | [5.8.10-2] - add patch to update information on debugging in the man page Resolves: #820311 - add patch to prevent debug output to stdout after forking Resolves: #820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: #822118 [5.8.10-1] - rebase to rsyslog 5.8.10 Resolves: #803550 Resolves: #805424 Resolves: #813079 Resolves: #813084 - consider lock file in 'status' action Resolves: #807608 - add impstats and imptcp modules - include new license text files - specify which versions of sysklogd are obsoleted [5.8.7-1] - rebase to rsyslog-5.8.7 - change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)' http://blog.gerhards.net/2012/01/rsyslog-licensing-update.html - remove patches obsoleted by rebase - add patches for better sysklogd compatibility (taken from upstream) - update included files for the new major version Resolves: #672182 Resolves: #727380 Resolves: #756664 Resolves: #767527 Resolves: #769025 - add several directories for storing auxiliary data Resolves: #740420 - fix source package URL | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0796 CVE-2011-4623 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | rsyslog |
Definition Id: oval:org.mitre.oval:def:27883 | |||
Oval ID: | oval:org.mitre.oval:def:27883 | ||
Title: | Open Source RSyslog vulnerability | ||
Description: | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3634 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:28412 | |||
Oval ID: | oval:org.mitre.oval:def:28412 | ||
Title: | AIX OpenSSL DTLS recursion flaw | ||
Description: | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3683 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:28432 | |||
Oval ID: | oval:org.mitre.oval:def:28432 | ||
Title: | SUSE-SU-2014:1438-1 -- update for rsyslog (moderate) | ||
Description: | This update for rsyslog provides the following fixes: - Fixed remote PRI DoS vulnerability patch (CVE-2014-3683, bnc#899756) - Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package (bnc#890228) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1438-1 CVE-2014-3683 CVE-2014-3634 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 12 | Product(s): | rsyslog |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for rsyslog CESA-2012:0796 centos6 File : nvt/gb_CESA-2012_0796_rsyslog_centos6.nasl |
2012-06-28 | Name : Mandriva Update for rsyslog MDVSA-2012:100 (rsyslog) File : nvt/gb_mandriva_MDVSA_2012_100.nasl |
2012-06-22 | Name : RedHat Update for rsyslog RHSA-2012:0796-04 File : nvt/gb_RHSA-2012_0796-04_rsyslog.nasl |
2012-01-25 | Name : Ubuntu Update for rsyslog USN-1338-1 File : nvt/gb_ubuntu_USN_1338_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78510 | rsyslog runtime/stringbuf.c rsCStrExtendBuf() Function Message Parsing Remote... |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-16 | rsyslog remote PRI out of bounds attempt RuleID : 33858 - Revision : 3 - Type : SERVER-OTHER |
2014-11-19 | rsyslog remote PRI out of bounds attempt RuleID : 32240 - Revision : 4 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1438-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-130.nasl - Type : ACT_GATHER_INFO |
2014-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-35.nasl - Type : ACT_GATHER_INFO |
2014-12-02 | Name : The remote AIX host has a vulnerable version of rsyslog. File : aix_rsyslog_advisory.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0030.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-445.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1654.nasl - Type : ACT_GATHER_INFO |
2014-11-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12875.nasl - Type : ACT_GATHER_INFO |
2014-10-27 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12910.nasl - Type : ACT_GATHER_INFO |
2014-10-27 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12878.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141020_rsyslog5_and_rsyslog_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1654.nasl - Type : ACT_GATHER_INFO |
2014-10-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-196.nasl - Type : ACT_GATHER_INFO |
2014-10-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1671.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1671.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1671.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1654.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-591.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-592.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12563.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12503.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_rsyslog-141006.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141013_rsyslog_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1397.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1397.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1397.nasl - Type : ACT_GATHER_INFO |
2014-10-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2381-1.nasl - Type : ACT_GATHER_INFO |
2014-10-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3047.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3040.nasl - Type : ACT_GATHER_INFO |
2014-10-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8e0e86ff48b511e4ab80000c29f6ae42.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-105.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120620_rsyslog_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
2012-06-26 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-100.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1338-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-12-27 13:25:15 | |
2014-12-25 00:22:07 | |