On Monday, March 19th, 2018, the librelp development team was informed by the security team at lgtm.com (Semmle) about a critical security vulnerability in librelp. The vulnerability is a long-standing bug that has existed since version 1.1.1 (2013-06-11). It affects client certificate validation in TLS mode, which can lead to a stack buffer overrun and […]
remote syslog PRI vulnerability – CVE: CVE-2014-3683
remote syslog PRI vulnerability
===============================

CVE: CVE-2014-3683

Status of this report
---------------------
FINAL
Updated 2014-10-06: effect on sysklogd milder than in initial assessment

Reporter
--------
mancha, initial detection and analysis
Rainer Gerhards, rsyslog project lead

Affected
--------
- rsyslog, most probably all versions (checked v3-stable and above)
- sysklogd (checked most recent versions) […]
remote syslog PRI vulnerability – CVE: CVE-2014-3634
===============================

CVE: CVE-2014-3634

Status of this report
---------------------
FINAL

Reporter
--------
Rainer Gerhards, rsyslog project lead

Affected
--------
- rsyslog, most probably all versions (checked 5.8.6+)
- sysklogd (checked most recent versions)
- potentially others (see root cause)

Root Cause
----------
Note: rsyslogd was forked from sysklogd, and the root cause applies to both. For […]
Potential DoS with malformed TAG
If a malformed, excessively long TAG is used in legacy (RFC3164) syslog messages, rsyslog can abort under the conditions described in this security advisory.

CVE: CVE-2011-3200

Affected Stable Versions:
v4.6.0 to 4.6.7 (inclusive)
v5.2.0 to 5.8.4 (inclusive)

Devel and Beta versions are probably also affected, but are not suitable for production and thus […]
$AllowedSender not honored
A primitive form of access control is offered in rsyslog via the $AllowedSender configuration directive. It permits the operator to specify hosts from which messages are accepted. If the directive is not specified, messages from all hosts are accepted. If it is, the set is limited to those senders that match the configured criteria […]
SQL Injection Vulnerability in rsyslogd
An SQL injection vulnerability was found in all rsyslog releases prior to the ones announced on 2005-09-23. An attacker can send a specially crafted syslog message to rsyslogd and potentially take ownership of the machine. This can be locally exploited if rsyslogd is listening on the local socket. We assume it is doing this in almost […]