7.5 - USN-2381-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Rsyslog vulnerabilities

Informations
Name	USN-2381-1	First vendor Publication	2014-10-09
Vendor	Ubuntu	Last vendor Modification	2014-10-09
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS

Summary:

Rsyslog could be made to crash if it received specially crafted input.

Software Description: - rsyslog: Enhanced syslogd

Details:

It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss. (CVE-2014-3634, CVE-2014-3683)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
rsyslog 7.4.4-1ubuntu2.3

Ubuntu 12.04 LTS:
rsyslog 5.8.6-1ubuntu8.9

Ubuntu 10.04 LTS:
rsyslog 4.2.0-2ubuntu8.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2381-1
CVE-2014-3634, CVE-2014-3683

Package Information:
https://launchpad.net/ubuntu/+source/rsyslog/7.4.4-1ubuntu2.3
https://launchpad.net/ubuntu/+source/rsyslog/5.8.6-1ubuntu8.9
https://launchpad.net/ubuntu/+source/rsyslog/4.2.0-2ubuntu8.3

Original Source

Url : http://www.ubuntu.com/usn/USN-2381-1

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26330

Oval ID:	oval:org.mitre.oval:def:26330
Title:	USN-2381-1 -- rsyslog vulnerabilities
Description:	Rsyslog could be made to crash if it received specially crafted input.
Family:	unix	Class:	patch
Reference(s):	USN-2381-1 CVE-2014-3634 CVE-2014-3683	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	rsyslog
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed AND rsyslog DPKG is earlier than 0:7.4.4-1ubuntu2.3 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND rsyslog DPKG is earlier than 0:5.8.6-1ubuntu8.9 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND rsyslog DPKG is earlier than 0:4.2.0-2ubuntu8.3

Definition Id: oval:org.mitre.oval:def:26767

Oval ID:	oval:org.mitre.oval:def:26767
Title:	RHSA-2014:1654: rsyslog7 security update (Important)
Description:	The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1654-00 CVE-2014-3634 CESA-2014:1654	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	rsyslog7
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section rsyslog7 is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-elasticsearch is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-gnutls is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-gssapi is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-mysql is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-pgsql is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-relp is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-snmp is earlier than 0:7.4.10-3.el6_6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND rsyslog7-debuginfo is earlier than 0:7.4.10-3.el6_6

Definition Id: oval:org.mitre.oval:def:26816

Oval ID:	oval:org.mitre.oval:def:26816
Title:	RHSA-2014:1671 -- rsyslog5 and rsyslog security update (Moderate)
Description:	The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog5 and rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1671 CESA-2014:1671 CVE-2014-3634	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	rsyslog rsyslog5
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section rsyslog5 is earlier than 0:5.8.12-5.el5_11 AND rsyslog5-gnutls is earlier than 0:5.8.12-5.el5_11 AND rsyslog5-gssapi is earlier than 0:5.8.12-5.el5_11 AND rsyslog5-mysql is earlier than 0:5.8.12-5.el5_11 AND rsyslog5-pgsql is earlier than 0:5.8.12-5.el5_11 AND rsyslog5-snmp is earlier than 0:5.8.12-5.el5_11 AND Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 AND rsyslog5-debuginfo is earlier than 0:5.8.12-5.el5_11 AND Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section rsyslog is earlier than 0:5.8.10-9.el6_6 AND rsyslog-gnutls is earlier than 0:5.8.10-9.el6_6 AND rsyslog-gssapi is earlier than 0:5.8.10-9.el6_6 AND rsyslog-mysql is earlier than 0:5.8.10-9.el6_6 AND rsyslog-pgsql is earlier than 0:5.8.10-9.el6_6 AND rsyslog-relp is earlier than 0:5.8.10-9.el6_6 AND rsyslog-snmp is earlier than 0:5.8.10-9.el6_6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND rsyslog-debuginfo is earlier than 0:5.8.10-9.el6_6

Definition Id: oval:org.mitre.oval:def:26870

Oval ID:	oval:org.mitre.oval:def:26870
Title:	SUSE-SU-2014:1294-1 -- Security update for rsyslog
Description:	syslog has been updated to fix a remote denial of service issue: * Under certain configurations, a local or remote attacker able to send syslog messages to the server could have crashed the log server due to an array overread. (CVE-2014-3634, CVE-2014-3683) Security Issues: * CVE-2014-3634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634> * CVE-2014-3683 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1294-1 CVE-2014-3634 CVE-2014-3683	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	rsyslog
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section rsyslog RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-diag-tools RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-doc RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-gssapi RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-gtls RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-mysql RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-pgsql RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-relp RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-snmp RPM is earlier than 0:5.10.1-0.11.1 AND rsyslog-module-udpspoof RPM is earlier than 0:5.10.1-0.11.1

Definition Id: oval:org.mitre.oval:def:26952

Oval ID:	oval:org.mitre.oval:def:26952
Title:	ELSA-2014-1397 -- rsyslog security update
Description:	[7.4.7-7.0.1] - use setsid() to get a controlling session and process group [Orabug: 17346261] (Todd Vierling) [7.4.7-7] - fix CVE-2014-3634 resolves: #1149152
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1397 CVE-2014-3634	Version:	4
Platform(s):	Oracle Linux 7	Product(s):	rsyslog rsyslog-crypto rsyslog-doc rsyslog-elasticsearch rsyslog-gnutls rsyslog-gssapi rsyslog-libdbi rsyslog-mmaudit rsyslog-mmjsonparse rsyslog-mmnormalize rsyslog-mmsnmptrapd rsyslog-mysql rsyslog-pgsql rsyslog-relp rsyslog-snmp rsyslog-udpspoof
Definition Synopsis:
Oracle Linux 7.x Packages match section rsyslog is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-crypto is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-doc is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-elasticsearch is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-gnutls is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-gssapi is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-libdbi is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-mmaudit is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-mmjsonparse is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-mmnormalize is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-mmsnmptrapd is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-mysql is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-pgsql is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-relp is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-snmp is earlier than 0:7.4.7-7.0.1.el7_0 AND rsyslog-udpspoof is earlier than 0:7.4.7-7.0.1.el7_0

Definition Id: oval:org.mitre.oval:def:27109

Oval ID:	oval:org.mitre.oval:def:27109
Title:	DSA-3040-1 rsyslog - security update
Description:	Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
Family:	unix	Class:	patch
Reference(s):	DSA-3040-1 CVE-2014-3634	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	rsyslog
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND rsyslog DPKG is earlier than 0:5.8.11-3+deb7u1

Definition Id: oval:org.mitre.oval:def:27159

Oval ID:	oval:org.mitre.oval:def:27159
Title:	RHSA-2014:1397: rsyslog security update (Important)
Description:	The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1397-00 CESA-2014:1397 CVE-2014-3634	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	rsyslog
Definition Synopsis:
Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section rsyslog is earlier than 0:7.4.7-7.el7_0 AND rsyslog-crypto is earlier than 0:7.4.7-7.el7_0 AND rsyslog-doc is earlier than 0:7.4.7-7.el7_0 AND rsyslog-elasticsearch is earlier than 0:7.4.7-7.el7_0 AND rsyslog-gnutls is earlier than 0:7.4.7-7.el7_0 AND rsyslog-gssapi is earlier than 0:7.4.7-7.el7_0 AND rsyslog-libdbi is earlier than 0:7.4.7-7.el7_0 AND rsyslog-mmaudit is earlier than 0:7.4.7-7.el7_0 AND rsyslog-mmjsonparse is earlier than 0:7.4.7-7.el7_0 AND rsyslog-mmnormalize is earlier than 0:7.4.7-7.el7_0 AND rsyslog-mmsnmptrapd is earlier than 0:7.4.7-7.el7_0 AND rsyslog-mysql is earlier than 0:7.4.7-7.el7_0 AND rsyslog-pgsql is earlier than 0:7.4.7-7.el7_0 AND rsyslog-relp is earlier than 0:7.4.7-7.el7_0 AND rsyslog-snmp is earlier than 0:7.4.7-7.el7_0 AND rsyslog-udpspoof is earlier than 0:7.4.7-7.el7_0

Definition Id: oval:org.mitre.oval:def:27164

Oval ID:	oval:org.mitre.oval:def:27164
Title:	DSA-3047-1 rsyslog - security update
Description:	Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.
Family:	unix	Class:	patch
Reference(s):	DSA-3047-1 CVE-2014-3683 CVE-2014-3634	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	rsyslog
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND rsyslog DPKG is earlier than 0:5.8.11-3+deb7u2

Definition Id: oval:org.mitre.oval:def:27262

Oval ID:	oval:org.mitre.oval:def:27262
Title:	ELSA-2014-1671 -- rsyslog5 and rsyslog security update (moderate)
Description:	[5.8.12-5.0.1] - use setsid() to get a controlling session and process group [Orabug: 17364545] [5.8.12-5] - fix CVE-2014-3634 resolves: #1149158
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1671 CVE-2014-3634	Version:	3
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	rsyslog rsyslog5
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section rsyslog5 is earlier than 0:5.8.12-5.0.1.el5_11 AND rsyslog5-gnutls is earlier than 0:5.8.12-5.0.1.el5_11 AND rsyslog5-gssapi is earlier than 0:5.8.12-5.0.1.el5_11 AND rsyslog5-mysql is earlier than 0:5.8.12-5.0.1.el5_11 AND rsyslog5-pgsql is earlier than 0:5.8.12-5.0.1.el5_11 AND rsyslog5-snmp is earlier than 0:5.8.12-5.0.1.el5_11 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section rsyslog is earlier than 0:5.8.10-9.0.1.el6_6 AND rsyslog-gnutls is earlier than 0:5.8.10-9.0.1.el6_6 AND rsyslog-gssapi is earlier than 0:5.8.10-9.0.1.el6_6 AND rsyslog-mysql is earlier than 0:5.8.10-9.0.1.el6_6 AND rsyslog-pgsql is earlier than 0:5.8.10-9.0.1.el6_6 AND rsyslog-relp is earlier than 0:5.8.10-9.0.1.el6_6 AND rsyslog-snmp is earlier than 0:5.8.10-9.0.1.el6_6

Definition Id: oval:org.mitre.oval:def:27302

Oval ID:	oval:org.mitre.oval:def:27302
Title:	ELSA-2014-1654 -- rsyslog7 security update (important)
Description:	[7.4.10-3] - fix CVE-2014-3634 resolves: #1149150
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1654 CVE-2014-3634	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	rsyslog7
Definition Synopsis:
Oracle Linux 6.x Packages match section rsyslog7 is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-elasticsearch is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-gnutls is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-gssapi is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-mysql is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-pgsql is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-relp is earlier than 0:7.4.10-3.el6_6 AND rsyslog7-snmp is earlier than 0:7.4.10-3.el6_6

Definition Id: oval:org.mitre.oval:def:27883

Oval ID:	oval:org.mitre.oval:def:27883
Title:	Open Source RSyslog vulnerability
Description:	rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3634	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists rsyslog.base greater than or equal 5.8.6.1 AND rsyslog.base less than or equal 5.8.6.3

Definition Id: oval:org.mitre.oval:def:28412

Oval ID:	oval:org.mitre.oval:def:28412
Title:	AIX OpenSSL DTLS recursion flaw
Description:	Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3683	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists rsyslog.base greater than or equal 5.8.6.1 AND rsyslog.base less than or equal 5.8.6.3

Definition Id: oval:org.mitre.oval:def:28432

Oval ID:	oval:org.mitre.oval:def:28432
Title:	SUSE-SU-2014:1438-1 -- update for rsyslog (moderate)
Description:	This update for rsyslog provides the following fixes: - Fixed remote PRI DoS vulnerability patch (CVE-2014-3683, bnc#899756) - Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package (bnc#890228)
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1438-1 CVE-2014-3683 CVE-2014-3634	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	rsyslog
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section rsyslog is earlier than 0:8.4.0-5.1 AND rsyslog-debuginfo is earlier than 0:8.4.0-5.1 AND rsyslog-debugsource is earlier than 0:8.4.0-5.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Rsyslog cpe:2.3:a:rsyslog:rsyslog:8.4.1:::::::* cpe:2.3:a:rsyslog:rsyslog:8.4.0:::::::* cpe:2.3:a:rsyslog:rsyslog:8.3.5:::::::* cpe:2.3:a:rsyslog:rsyslog:8.3.4:::::::* cpe:2.3:a:rsyslog:rsyslog:8.3.3:::::::* cpe:2.3:a:rsyslog:rsyslog:8.3.2:::::::* cpe:2.3:a:rsyslog:rsyslog:8.3.1:::::::* cpe:2.3:a:rsyslog:rsyslog:8.3.0:::::::* cpe:2.3:a:rsyslog:rsyslog:8.2.3:::::::* cpe:2.3:a:rsyslog:rsyslog:8.2.2:::::::* cpe:2.3:a:rsyslog:rsyslog:8.2.1:::::::* cpe:2.3:a:rsyslog:rsyslog:8.2.0:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.6:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.5:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.4:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.3:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.2:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.1:::::::* cpe:2.3:a:rsyslog:rsyslog:8.1.0:::::::* cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel:::::: cpe:2.3:a:rsyslog:rsyslog:7.4.0:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.9:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.8:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.7:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.6:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.5:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.4:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.3:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.15:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.14:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.13:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.12:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.11:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.10:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.1:::::::* cpe:2.3:a:rsyslog:rsyslog:7.3.0:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.7:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.6:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.5:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.4:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.3:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.2:::::::* cpe:2.3:a:rsyslog:rsyslog:7.2.1:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.9:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.8:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.7:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.6:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.5:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.4:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.3:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.2:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.12:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.11:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.10:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.1:::::::* cpe:2.3:a:rsyslog:rsyslog:7.1.0:::::::* cpe:2.3:a:rsyslog:rsyslog:6.6.0:::::::* cpe:2.3:a:rsyslog:rsyslog:6.5.1:::::::* cpe:2.3:a:rsyslog:rsyslog:6.4.2:::::::* cpe:2.3:a:rsyslog:rsyslog:6.1.3:::::::* cpe:2.3:a:rsyslog:rsyslog:6.1.2:::::::* cpe:2.3:a:rsyslog:rsyslog:6.1.1:::::::* cpe:2.3:a:rsyslog:rsyslog:6.1.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.8.4:::::::* cpe:2.3:a:rsyslog:rsyslog:5.8.3:::::::* cpe:2.3:a:rsyslog:rsyslog:5.8.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.8.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.8.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.9:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.8:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.7:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.6:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.5:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.4:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.3:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.10:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.7.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.6.5:::::::* cpe:2.3:a:rsyslog:rsyslog:5.6.4:::::::* cpe:2.3:a:rsyslog:rsyslog:5.6.3:::::::* cpe:2.3:a:rsyslog:rsyslog:5.6.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.6.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.6.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.7:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.6:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.5:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.4:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.3:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.5.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.4.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.4.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.4.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.7:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.6:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.5:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.4:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.3:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.3.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.2.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.2.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.2.0:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.6:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.5:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.4:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.3:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.2:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.1:::::::* cpe:2.3:a:rsyslog:rsyslog:5.1.0:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.7:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.6:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.5:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.4:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.3:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.2:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.1:::::::* cpe:2.3:a:rsyslog:rsyslog:4.6.0:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.8:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.7:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.6:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.5:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.4:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.3:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.2:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.1:::::::* cpe:2.3:a:rsyslog:rsyslog:4.5.0:::::::* cpe:2.3:a:rsyslog:rsyslog:4.4.2:::::::* cpe:2.3:a:rsyslog:rsyslog:4.4.1:::::::* cpe:2.3:a:rsyslog:rsyslog:4.4.0:::::::* cpe:2.3:a:rsyslog:rsyslog:4.3.2:::::::* cpe:2.3:a:rsyslog:rsyslog:4.3.1:::::::* cpe:2.3:a:rsyslog:rsyslog:4.3.0:::::::* cpe:2.3:a:rsyslog:rsyslog:4.2.0:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.7:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.6:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.5:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.4:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.3:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.2:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.1:::::::* cpe:2.3:a:rsyslog:rsyslog:4.1.0:::::::* cpe:2.3:a:rsyslog:rsyslog:3.20.0:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.9:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.8:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.7:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.6:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.5:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.4:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.3:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.2:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.12:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.11:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.10:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.1:::::::* cpe:2.3:a:rsyslog:rsyslog:3.19.0:::::::* cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:::::: cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:::::: cpe:2.3:a:rsyslog:rsyslog:3.17.1:::::::* cpe:2.3:a:rsyslog:rsyslog:3.17.0:::::::* cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:::::: cpe:2.3:a:rsyslog:rsyslog:3.15.0:::::::* cpe:2.3:a:rsyslog:rsyslog:3.13.0:::::::* cpe:2.3:a:rsyslog:rsyslog:3.12.5:::::::* cpe:2.3:a:rsyslog:rsyslog:3.12.4:::::::* cpe:2.3:a:rsyslog:rsyslog:3.12.3:::::::* cpe:2.3:a:rsyslog:rsyslog:3.12.2:::::::* cpe:2.3:a:rsyslog:rsyslog:3.12.1:::::::* cpe:2.3:a:rsyslog:rsyslog:::::::: cpe:2.3:a:rsyslog:rsyslog:-:::::::*	173
Application	Sysklogd Project Sysklogd cpe:2.3:a:sysklogd_project:sysklogd:1.4.1:::::::* cpe:2.3:a:sysklogd_project:sysklogd:1.4:::::::* cpe:2.3:a:sysklogd_project:sysklogd:1.3:::::::* cpe:2.3:a:sysklogd_project:sysklogd:1.2:::::::* cpe:2.3:a:sysklogd_project:sysklogd:1.1:::::::*	5

Snort® IPS/IDS

Date	Description
2015-04-16	rsyslog remote PRI out of bounds attempt RuleID : 33858 - Revision : 3 - Type : SERVER-OTHER
2014-11-19	rsyslog remote PRI out of bounds attempt RuleID : 32240 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1438-1.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-130.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-35.nasl - Type : ACT_GATHER_INFO
2014-12-02	Name : The remote AIX host has a vulnerable version of rsyslog. File : aix_rsyslog_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0030.nasl - Type : ACT_GATHER_INFO
2014-11-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-445.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1654.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-12875.nasl - Type : ACT_GATHER_INFO
2014-10-27	Name : The remote Fedora host is missing a security update. File : fedora_2014-12910.nasl - Type : ACT_GATHER_INFO
2014-10-27	Name : The remote Fedora host is missing a security update. File : fedora_2014-12878.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141020_rsyslog5_and_rsyslog_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1654.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-196.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1671.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1671.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1671.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1654.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-592.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-591.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Fedora host is missing a security update. File : fedora_2014-12563.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Fedora host is missing a security update. File : fedora_2014-12503.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_rsyslog-141006.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141013_rsyslog_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1397.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1397.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1397.nasl - Type : ACT_GATHER_INFO
2014-10-11	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2381-1.nasl - Type : ACT_GATHER_INFO
2014-10-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3047.nasl - Type : ACT_GATHER_INFO
2014-10-02	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3040.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8e0e86ff48b511e4ab80000c29f6ae42.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-11-04 09:28:37	Multiple Updates
2014-11-02 09:29:04	Multiple Updates
2014-10-12 13:27:35	Multiple Updates
2014-10-09 21:22:05	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	13
CPE ID(s)	178
Snort® Rule(s)	2
Nessus® Exploit(s)	30

	Related
7.5	CVE-2014-3634
5	CVE-2014-3683
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)