The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RSYSLOG

computer vulnerability note CVE-2018-16881

rsyslog: denial of service via Imtcp Octet-Counted TCP Framing

Synthesis of the vulnerability

An attacker can trigger a fatal error via Imtcp Octet-Counted TCP Framing of rsyslog, in order to trigger a denial of service.
Impacted products: openSUSE Leap, RSYSLOG.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/02/2019.
Identifiers: CVE-2018-16881, openSUSE-SU-2019:0154-1, RHBUG-1658366, VIGILANCE-VUL-28469.

computer vulnerability 26965

RSYSLOG: buffer overflow via SanitizeMsg

Synthesis of the vulnerability

An attacker can generate a buffer overflow via SanitizeMsg() of RSYSLOG, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, RSYSLOG.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 13/08/2018.
Identifiers: FEDORA-2018-2818fc5308, FEDORA-2018-749f2bae28, VIGILANCE-VUL-26965.

computer vulnerability announce CVE-2018-1000140

librelp: buffer overflow via X.509

Synthesis of the vulnerability

An attacker can generate a buffer overflow via X.509 of librelp, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, RSYSLOG, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 26/03/2018.
Identifiers: CVE-2018-1000140, DSA-4151-1, FEDORA-2018-2f9d3604d6, FEDORA-2018-6f2df5ab6c, openSUSE-SU-2018:0829-1, RHSA-2018:1223-01, RHSA-2018:1225-01, RHSA-2018:1701-01, RHSA-2018:1702-01, RHSA-2018:1703-01, RHSA-2018:1704-01, RHSA-2018:1707-01, SUSE-SU-2018:0822-1, SUSE-SU-2018:0828-1, USN-3612-1, VIGILANCE-VUL-25647.

vulnerability announce CVE-2017-5972

Linux kernel: denial of service via RSYSLOG and SYN Cookie Protection

Synthesis of the vulnerability

An attacker can generate a fatal error via the RSYSLOG service and the SYN Cookie Protection of the Linux kernel, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, Linux, RSYSLOG, Symantec Content Analysis.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 15/02/2017.
Identifiers: CVE-2017-5972, SA148, VIGILANCE-VUL-21842.

computer vulnerability announce CVE-2014-3683

RSYSLOG: integer overflow of PRI

Synthesis of the vulnerability

An attacker can generate an integer overflow via PRI in RSYSLOG, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, AIX, openSUSE, Solaris, RSYSLOG, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 02/10/2014.
Identifiers: bulletinoct2015, CVE-2014-3683, DSA-3047-1, MDVSA-2014:196, openSUSE-SU-2014:1297-1, openSUSE-SU-2014:1298-1, SUSE-SU-2014:1294-1, USN-2381-1, VIGILANCE-VUL-15437.

Description of the vulnerability

The RSYSLOG product analyzes messages in the SYSLOG format:
  <PRI> HEADER MSG
The PRI field indicates the priority, which is composed of the message Facility and Severity.

However, if PRI is larger than MAX_INT, an index becomes negative, and an array overflows in RSYSLOG.

When RSYSLOG is configured to accept SYSLOG messages from the network, this vulnerability can be remotely exploited.

An attacker can therefore generate an integer overflow via PRI in RSYSLOG, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability announce CVE-2014-3634

RSYSLOG: integer overflow of PRI

Synthesis of the vulnerability

An attacker can generate an integer overflow via PRI in RSYSLOG, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, AIX, openSUSE, Solaris, RHEL, RSYSLOG, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 30/09/2014.
Identifiers: bulletinoct2015, CVE-2014-3634, DSA-3040-1, FEDORA-2014-12503, FEDORA-2014-12878, FEDORA-2014-12910, MDVSA-2014:196, MDVSA-2015:130, openSUSE-SU-2014:1297-1, openSUSE-SU-2014:1298-1, RHSA-2014:1397-01, RHSA-2014:1654-01, RHSA-2014:1671-01, SUSE-SU-2014:1294-1, USN-2381-1, VIGILANCE-VUL-15427.

Description of the vulnerability

The RSYSLOG product analyzes messages in the SYSLOG format:
  <PRI> HEADER MSG
The PRI field indicates the priority, which is composed of the message Facility and Severity.

However, if PRI is larger than 191, an array related to the Facility overflows in RSYSLOG.

When RSYSLOG is configured to accept SYSLOG messages from the network, this vulnerability can be remotely exploited.

An attacker can therefore generate an integer overflow via PRI in RSYSLOG, in order to trigger a denial of service, and possibly to execute code.
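
The two PRI bulletins above (CVE-2014-3683 and CVE-2014-3634) both come down to using an unchecked PRI value as a table index. The following is an added example, not rsyslog's code: the names parse_pri and facility_of and the fallback value are assumptions made for illustration. It rejects any PRI above 191 while the digits are still being accumulated, so the value can neither wrap negative nor index past the 24 Facility entries.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define PRI_MAX     191   /* 23 * 8 + 7: highest PRI with a valid Facility */
#define PRI_DEFAULT 13    /* assumption: an invalid PRI falls back to user.notice */

static const char *const facility_names[24] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Parse "<PRI>" at the start of msg. Returns 0..191 and sets *consumed to the
 * bytes used, or returns -1 (consumed = 0) if the field is malformed or too large. */
int parse_pri(const char *msg, size_t len, size_t *consumed)
{
    size_t i = 1;
    int pri = 0;
    *consumed = 0;
    if (len < 3 || msg[0] != '<')
        return -1;
    while (i < len && isdigit((unsigned char)msg[i])) {
        pri = pri * 10 + (msg[i] - '0');
        if (pri > PRI_MAX)          /* reject before the accumulator can wrap */
            return -1;
        i++;
    }
    if (i == 1 || i >= len || msg[i] != '>')
        return -1;                  /* no digits, or missing closing '>' */
    *consumed = i + 1;
    return pri;
}

/* Facility name for a message; the table index is always within 0..23. */
const char *facility_of(const char *msg, size_t len)
{
    size_t used;
    int pri = parse_pri(msg, len, &used);
    return facility_names[(pri < 0 ? PRI_DEFAULT : pri) >> 3];
}

int main(void)
{
    const char *s[] = { "<13>a: ok", "<191>a: ok", "<192>a: x" };  /* constructed samples */
    for (size_t k = 0; k < 3; k++)
        printf("%s -> %s\n", s[k], facility_of(s[k], strlen(s[k])));
    return 0;
}
```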

computer vulnerability CVE-2013-6370 CVE-2013-6371

json-c: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of json-c.
Impacted products: Fedora, openSUSE, Solaris, RHEL, RSYSLOG, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/04/2014.
Identifiers: bulletinoct2015, CVE-2013-6370, CVE-2013-6371, FEDORA-2014-4975, FEDORA-2014-5006, MDVSA-2014:079, MDVSA-2015:102, openSUSE-SU-2014:0558-1, RHSA-2014:0703-01, USN-2245-1, VIGILANCE-VUL-14615.

Description of the vulnerability

Several vulnerabilities were announced in json-c.

An attacker can generate a buffer overflow if the size of "size_t" is larger than the size of "int", in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2013-6370]

An attacker can use special JSON data, to generate collisions in a hash function, in order to trigger a denial of service. [severity:2/4; CVE-2013-6371]

computer vulnerability alert CVE-2011-3200

rsyslog: buffer overflow via TAG

Synthesis of the vulnerability

An attacker who is allowed to send a message to the rsyslog daemon can generate an overflow of two bytes, in order to create a denial of service.
Impacted products: Fedora, Mandriva Linux, openSUSE, RHEL, RSYSLOG.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 02/09/2011.
Identifiers: 727644, BID-49413, CVE-2011-3200, FEDORA-2011-12282, FEDORA-2011-12616, MDVSA-2011:134, MDVSA-2011:134-1, openSUSE-SU-2011:1020-1, RHSA-2011:1247-01, VIGILANCE-VUL-10966.

Description of the vulnerability

The rsyslog daemon processes SYSLOG packets in RFC 3164 or RFC 5425 format.

Packets compatible with RFC 3164 use the following format:
  PRI HEADER MESSAGE
Where:
 - the priority PRI has the form "<Facilities Severities>"
 - the optional HEADER contains a Timestamp and a Hostname
 - the MESSAGE contains a TAG (name of the program followed by the ':' character) and the CONTENT (the real content of the message)

The parseLegacySyslogMsg() function of the tools/syslogd.c file analyzes data in RFC 3164 format. The TAG field it reads is stored in an array of 512 (CONF_TAG_MAXSIZE) bytes. However, rsyslog does not correctly check the limit when the packet contains a TAG field of 512 bytes. In this case, an overflow of two bytes occurs: memory past the array is corrupted by the ':' and '\0' bytes. This leads to a denial of service, but does not lead to code execution.

An attacker who is allowed to send a message to the rsyslog daemon can therefore generate an overflow of two bytes, in order to create a denial of service.
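
The two-byte overflow described above comes from filling the TAG array completely and then appending ':' and '\0'. The following is an added example, not rsyslog's code: copy_tag is a hypothetical helper, and stopping the TAG at a space is an assumption. It reserves those two bytes inside the 512-byte array and truncates an oversized TAG instead of writing past the end.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CONF_TAG_MAXSIZE 512   /* TAG buffer size given in the bulletin */

/* Copy the TAG (bytes up to ':' or a space) from msg into out, then append
 * ':' and the terminating NUL. At most CONF_TAG_MAXSIZE - 2 TAG bytes are
 * stored, so the two trailing bytes always land inside the buffer.
 * Returns the input bytes consumed; *truncated is 1 if the TAG was cut. */
size_t copy_tag(const char *msg, size_t len, char out[CONF_TAG_MAXSIZE],
                int *truncated)
{
    size_t in = 0, n = 0;

    *truncated = 0;
    while (in < len && msg[in] != ':' && msg[in] != ' ') {
        if (n < CONF_TAG_MAXSIZE - 2)
            out[n++] = msg[in];
        else
            *truncated = 1;        /* keep consuming input, stop storing */
        in++;
    }
    if (in < len && msg[in] == ':')
        in++;                      /* skip the delimiter itself */
    out[n++] = ':';
    out[n] = '\0';
    return in;
}

int main(void)
{
    char msg[CONF_TAG_MAXSIZE + 8], tag[CONF_TAG_MAXSIZE];
    int cut;

    memset(msg, 'A', CONF_TAG_MAXSIZE);            /* constructed 512-byte TAG */
    memcpy(msg + CONF_TAG_MAXSIZE, ": body", 6);
    size_t used = copy_tag(msg, CONF_TAG_MAXSIZE + 6, tag, &cut);
    printf("consumed=%zu stored=%zu truncated=%d\n", used, strlen(tag), cut);
    return 0;
}
```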

vulnerability CVE-2008-5617 CVE-2008-5618

RSyslog: bypassing ACLs

Synthesis of the vulnerability

An attacker can bypass ACLs of RSyslog in order to create a denial of service.
Impacted products: Fedora, NLD, OES, openSUSE, RSYSLOG, SLES.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/12/2008.
Identifiers: CVE-2008-5617, CVE-2008-5618, FEDORA-2008-11476, FEDORA-2008-11538, SUSE-SR:2009:001, VIGILANCE-VUL-8350.

Description of the vulnerability

The RSyslog daemon implements a syslogd logging service. It has two vulnerabilities.

The $AllowedSender variable restricts the list of clients allowed to connect to RSyslog. After a code change, the variable was duplicated. The variable defined by the administrator is thus different from the variable used to create ACLs. All clients are thus allowed to connect to RSyslog. [severity:2/4; CVE-2008-5617]

An attacker can connect to RSyslog and force it to log imudp messages, in order to fill the filesystem. [severity:1/4; CVE-2008-5618]

An attacker can therefore bypass ACLs of RSyslog in order to create a denial of service.