Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2012:100 | First vendor Publication | 2012-06-25 |
| Vendor | Mandriva | Last vendor Modification | 2012-06-25 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability has been discovered and corrected in rsyslog: An integer signedness error, leading to heap based buffer overflow was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause denial of service (rsyslogd daemon hang) via specially-crafted message, to be logged (CVE-2011-4623). The updated packages have been patched to correct this issue. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:100 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15456 | |||
| Oval ID: | oval:org.mitre.oval:def:15456 | ||
| Title: | USN-1338-1 -- Rsyslog vulnerability | ||
| Description: | rsyslog: Enhanced syslogd Rsyslog could be made to crash if it processed a specially crafted log message. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1338-1 CVE-2011-4623 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | Rsyslog |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21554 | |||
| Oval ID: | oval:org.mitre.oval:def:21554 | ||
| Title: | RHSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate) | ||
| Description: | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0796-04 CESA-2012:0796 CVE-2011-4623 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | rsyslog |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22990 | |||
| Oval ID: | oval:org.mitre.oval:def:22990 | ||
| Title: | ELSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate) | ||
| Description: | Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0796-04 CVE-2011-4623 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | rsyslog |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27839 | |||
| Oval ID: | oval:org.mitre.oval:def:27839 | ||
| Title: | DEPRECATED: ELSA-2012-0796 -- rsyslog security, bug fix, and enhancement update (moderate) | ||
| Description: | [5.8.10-2] - add patch to update information on debugging in the man page Resolves: #820311 - add patch to prevent debug output to stdout after forking Resolves: #820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: #822118 [5.8.10-1] - rebase to rsyslog 5.8.10 Resolves: #803550 Resolves: #805424 Resolves: #813079 Resolves: #813084 - consider lock file in 'status' action Resolves: #807608 - add impstats and imptcp modules - include new license text files - specify which versions of sysklogd are obsoleted [5.8.7-1] - rebase to rsyslog-5.8.7 - change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)' http://blog.gerhards.net/2012/01/rsyslog-licensing-update.html - remove patches obsoleted by rebase - add patches for better sysklogd compatibility (taken from upstream) - update included files for the new major version Resolves: #672182 Resolves: #727380 Resolves: #756664 Resolves: #767527 Resolves: #769025 - add several directories for storing auxiliary data Resolves: #740420 - fix source package URL | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0796 CVE-2011-4623 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | rsyslog |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for rsyslog CESA-2012:0796 centos6 File : nvt/gb_CESA-2012_0796_rsyslog_centos6.nasl |
| 2012-06-28 | Name : Mandriva Update for rsyslog MDVSA-2012:100 (rsyslog) File : nvt/gb_mandriva_MDVSA_2012_100.nasl |
| 2012-06-22 | Name : RedHat Update for rsyslog RHSA-2012:0796-04 File : nvt/gb_RHSA-2012_0796-04_rsyslog.nasl |
| 2012-01-25 | Name : Ubuntu Update for rsyslog USN-1338-1 File : nvt/gb_ubuntu_USN_1338_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 78510 | rsyslog runtime/stringbuf.c rsCStrExtendBuf() Function Message Parsing Remote... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-35.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-105.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120620_rsyslog_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
| 2012-06-26 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-100.nasl - Type : ACT_GATHER_INFO |
| 2012-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0796.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1338-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:42:59 |
|
