Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Rsyslog vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-1338-1 | First vendor Publication | 2012-01-23 |
| Vendor | Ubuntu | Last vendor Modification | 2012-01-23 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 Summary: Rsyslog could be made to crash if it processed a specially crafted log message. Software Description: - rsyslog: Enhanced syslogd Details: Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-1338-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15456 | |||
| Oval ID: | oval:org.mitre.oval:def:15456 | ||
| Title: | USN-1338-1 -- Rsyslog vulnerability | ||
| Description: | rsyslog: Enhanced syslogd Rsyslog could be made to crash if it processed a specially crafted log message. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1338-1 CVE-2011-4623 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | Rsyslog |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21554 | |||
| Oval ID: | oval:org.mitre.oval:def:21554 | ||
| Title: | RHSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate) | ||
| Description: | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0796-04 CESA-2012:0796 CVE-2011-4623 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | rsyslog |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22990 | |||
| Oval ID: | oval:org.mitre.oval:def:22990 | ||
| Title: | ELSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate) | ||
| Description: | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0796-04 CVE-2011-4623 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | rsyslog |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27839 | |||
| Oval ID: | oval:org.mitre.oval:def:27839 | ||
| Title: | DEPRECATED: ELSA-2012-0796 -- rsyslog security, bug fix, and enhancement update (moderate) | ||
| Description: | [5.8.10-2] - add patch to update information on debugging in the man page Resolves: #820311 - add patch to prevent debug output to stdout after forking Resolves: #820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: #822118 [5.8.10-1] - rebase to rsyslog 5.8.10 Resolves: #803550 Resolves: #805424 Resolves: #813079 Resolves: #813084 - consider lock file in 'status' action Resolves: #807608 - add impstats and imptcp modules - include new license text files - specify which versions of sysklogd are obsoleted [5.8.7-1] - rebase to rsyslog-5.8.7 - change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)' http://blog.gerhards.net/2012/01/rsyslog-licensing-update.html - remove patches obsoleted by rebase - add patches for better sysklogd compatibility (taken from upstream) - update included files for the new major version Resolves: #672182 Resolves: #727380 Resolves: #756664 Resolves: #767527 Resolves: #769025 - add several directories for storing auxiliary data Resolves: #740420 - fix source package URL | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0796 CVE-2011-4623 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | rsyslog |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for rsyslog CESA-2012:0796 centos6 File : nvt/gb_CESA-2012_0796_rsyslog_centos6.nasl |
| 2012-06-28 | Name : Mandriva Update for rsyslog MDVSA-2012:100 (rsyslog) File : nvt/gb_mandriva_MDVSA_2012_100.nasl |
| 2012-06-22 | Name : RedHat Update for rsyslog RHSA-2012:0796-04 File : nvt/gb_RHSA-2012_0796-04_rsyslog.nasl |
| 2012-01-25 | Name : Ubuntu Update for rsyslog USN-1338-1 File : nvt/gb_ubuntu_USN_1338_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 78510 | rsyslog runtime/stringbuf.c rsCStrExtendBuf() Function Message Parsing Remote... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-35.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-105.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120620_rsyslog_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
| 2012-06-26 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-100.nasl - Type : ACT_GATHER_INFO |
| 2012-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1338-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:59:34 |
|
