Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2014:196 First vendor Publication 2014-10-21
Vendor Mandriva Last vendor Modification 2014-10-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated rsyslog packages fix security vulnerability:

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack (CVE-2014-3634).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:196

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26330
 
Oval ID: oval:org.mitre.oval:def:26330
Title: USN-2381-1 -- rsyslog vulnerabilities
Description: Rsyslog could be made to crash if it received specially crafted input.
Family: unix Class: patch
Reference(s): USN-2381-1
CVE-2014-3634
CVE-2014-3683
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): rsyslog
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26767
 
Oval ID: oval:org.mitre.oval:def:26767
Title: RHSA-2014:1654: rsyslog7 security update (Important)
Description: The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2014:1654-00
CVE-2014-3634
CESA-2014:1654
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): rsyslog7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26816
 
Oval ID: oval:org.mitre.oval:def:26816
Title: RHSA-2014:1671 -- rsyslog5 and rsyslog security update (Moderate)
Description: The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog5 and rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2014:1671
CESA-2014:1671
CVE-2014-3634
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): rsyslog
rsyslog5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26870
 
Oval ID: oval:org.mitre.oval:def:26870
Title: SUSE-SU-2014:1294-1 -- Security update for rsyslog
Description: syslog has been updated to fix a remote denial of service issue: * Under certain configurations, a local or remote attacker able to send syslog messages to the server could have crashed the log server due to an array overread. (CVE-2014-3634, CVE-2014-3683) Security Issues: * CVE-2014-3634 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634> * CVE-2014-3683 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1294-1
CVE-2014-3634
CVE-2014-3683
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): rsyslog
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26952
 
Oval ID: oval:org.mitre.oval:def:26952
Title: ELSA-2014-1397 -- rsyslog security update
Description: [7.4.7-7.0.1] - use setsid() to get a controlling session and process group [Orabug: 17346261] (Todd Vierling) [7.4.7-7] - fix CVE-2014-3634 resolves: #1149152
Family: unix Class: patch
Reference(s): ELSA-2014-1397
CVE-2014-3634
Version: 4
Platform(s): Oracle Linux 7
Product(s): rsyslog
rsyslog-crypto
rsyslog-doc
rsyslog-elasticsearch
rsyslog-gnutls
rsyslog-gssapi
rsyslog-libdbi
rsyslog-mmaudit
rsyslog-mmjsonparse
rsyslog-mmnormalize
rsyslog-mmsnmptrapd
rsyslog-mysql
rsyslog-pgsql
rsyslog-relp
rsyslog-snmp
rsyslog-udpspoof
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27109
 
Oval ID: oval:org.mitre.oval:def:27109
Title: DSA-3040-1 rsyslog - security update
Description: Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
Family: unix Class: patch
Reference(s): DSA-3040-1
CVE-2014-3634
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): rsyslog
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27159
 
Oval ID: oval:org.mitre.oval:def:27159
Title: RHSA-2014:1397: rsyslog security update (Important)
Description: The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon. (CVE-2014-3634) Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue. All rsyslog users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the rsyslog service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2014:1397-00
CESA-2014:1397
CVE-2014-3634
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): rsyslog
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27164
 
Oval ID: oval:org.mitre.oval:def:27164
Title: DSA-3047-1 rsyslog - security update
Description: Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution.
Family: unix Class: patch
Reference(s): DSA-3047-1
CVE-2014-3683
CVE-2014-3634
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): rsyslog
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27262
 
Oval ID: oval:org.mitre.oval:def:27262
Title: ELSA-2014-1671 -- rsyslog5 and rsyslog security update (moderate)
Description: [5.8.12-5.0.1] - use setsid() to get a controlling session and process group [Orabug: 17364545] [5.8.12-5] - fix CVE-2014-3634 resolves: #1149158
Family: unix Class: patch
Reference(s): ELSA-2014-1671
CVE-2014-3634
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): rsyslog
rsyslog5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27302
 
Oval ID: oval:org.mitre.oval:def:27302
Title: ELSA-2014-1654 -- rsyslog7 security update (important)
Description: [7.4.10-3] - fix CVE-2014-3634 resolves: #1149150
Family: unix Class: patch
Reference(s): ELSA-2014-1654
CVE-2014-3634
Version: 3
Platform(s): Oracle Linux 6
Product(s): rsyslog7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27883
 
Oval ID: oval:org.mitre.oval:def:27883
Title: Open Source RSyslog vulnerability
Description: rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3634
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28412
 
Oval ID: oval:org.mitre.oval:def:28412
Title: AIX OpenSSL DTLS recursion flaw
Description: Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3683
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28432
 
Oval ID: oval:org.mitre.oval:def:28432
Title: SUSE-SU-2014:1438-1 -- update for rsyslog (moderate)
Description: This update for rsyslog provides the following fixes: - Fixed remote PRI DoS vulnerability patch (CVE-2014-3683, bnc#899756) - Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package (bnc#890228)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1438-1
CVE-2014-3683
CVE-2014-3634
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 12
Product(s): rsyslog
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 409
Application 6

Snort® IPS/IDS

Date Description
2015-04-16 rsyslog remote PRI out of bounds attempt
RuleID : 33858 - Revision : 3 - Type : SERVER-OTHER
2014-11-19 rsyslog remote PRI out of bounds attempt
RuleID : 32240 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1438-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-130.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-35.nasl - Type : ACT_GATHER_INFO
2014-12-02 Name : The remote AIX host has a vulnerable version of rsyslog.
File : aix_rsyslog_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0030.nasl - Type : ACT_GATHER_INFO
2014-11-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-445.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1654.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12875.nasl - Type : ACT_GATHER_INFO
2014-10-27 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12910.nasl - Type : ACT_GATHER_INFO
2014-10-27 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12878.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141020_rsyslog5_and_rsyslog_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1654.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-196.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1671.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1671.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1671.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1654.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-592.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-591.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12563.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12503.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_rsyslog-141006.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141013_rsyslog_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1397.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1397.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1397.nasl - Type : ACT_GATHER_INFO
2014-10-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2381-1.nasl - Type : ACT_GATHER_INFO
2014-10-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3047.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3040.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8e0e86ff48b511e4ab80000c29f6ae42.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-11-04 09:28:35
  • Multiple Updates
2014-11-02 09:29:02
  • Multiple Updates
2014-10-23 13:24:59
  • Multiple Updates
2014-10-21 13:23:54
  • First insertion