librelp stack buffer overflow vulnerability (CVE-2018-1000140)

On Monday March 19th, 2018, the librelp development team was informed by the security team at lgtm.com (Semmle) about a critical security vulnerability in librelp. The vulnerability is a long-standing bug that exists since version 1.1.1 (2013-06-11). It affects the client certificate validation in TLS mode which can lead to a stack buffer overrun and […]

remote syslog PRI vulnerability – CVE: CVE-2014-3683

remote syslog PRI vulnerability =============================== CVE: CVE-2014-3683 Status of this report ——————— FINAL Updated 2014-10-06: effect on sysklogd milder than in initial assesment Reporter ——- mancha , intial detection and analysis Rainer Gerhards , rsyslog project lead Affected ——– – rsyslog, most probably all versions (checked v3-stable and above) – sysklogd (checked most recent versions) […]

remote syslog PRI vulnerability – CVE: CVE-2014-3634

=============================== CVE: CVE-2014-3634 Status of this report ——————— FINAL Reporter ——- Rainer Gerhards, rsyslog project lead Affected ——– – rsyslog, most probably all versions (checked 5.8.6+) – sysklogd (checked most recent versions) – potentially others (see root cause) Root Cause ———- Note: rsyslogd was forked from sysklogd, and the root cause applies to both. For […]

SQL Injection Vulnerability in rsyslogd

An SQL injection vulnerability was found in all rsyslog releases prior to the ones announced on 2005-09-23. An attacker can send a specifically-crafted syslog message to rsyslogd and potentially take ownership of the machine. This can be locally exploited if rsyslogd is listening on the local socket. Wes assume it is doing this in almost […]

Scroll to top