Security Advisories Archives

librelp stack buffer overflow vulnerability (CVE-2018-1000140)

By Rainer GerhardsPosted on March 26, 2018June 1, 2018Posted in Security AdvisoriesTagged librelp

On Monday March 19th, 2018, the librelp development team was informed by the security team at lgtm.com (Semmle) about a critical security vulnerability in librelp. The vulnerability is a long-standing bug that exists since version 1.1.1 (2013-06-11). It affects the client certificate validation in TLS mode which can lead to a stack buffer overrun and […]

remote syslog PRI vulnerability – CVE: CVE-2014-3683

By adisconteamPosted on October 2, 2014May 30, 2018Posted in Security AdvisoriesTagged CVE, CVE-2014-3683, PRI, rsyslog, security

remote syslog PRI vulnerability =============================== CVE: CVE-2014-3683 Status of this report ——————— FINAL Updated 2014-10-06: effect on sysklogd milder than in initial assesment Reporter ——- mancha , intial detection and analysis Rainer Gerhards , rsyslog project lead Affected ——– – rsyslog, most probably all versions (checked v3-stable and above) – sysklogd (checked most recent versions) […]

remote syslog PRI vulnerability – CVE: CVE-2014-3634

By Adiscon SupportPosted on September 30, 2014May 30, 2018Posted in Security AdvisoriesTagged CVE, PRI, rsyslog, security

=============================== CVE: CVE-2014-3634 Status of this report ——————— FINAL Reporter ——- Rainer Gerhards, rsyslog project lead Affected ——– – rsyslog, most probably all versions (checked 5.8.6+) – sysklogd (checked most recent versions) – potentially others (see root cause) Root Cause ———- Note: rsyslogd was forked from sysklogd, and the root cause applies to both. For […]

Potential DoS with malformed TAG

By Adiscon SupportPosted on September 1, 2011May 30, 2018Posted in Security Advisories

If a malformed, severely too long TAG is used in legacy (RFC3164) syslog messages, rsyslog can abort based on the conditions described in this security advisory. CVE: CVE-2011-3200 Affected Stable Versions: v4.6.0 to 4.6.7 (inclusive) v5.2.0 to 5.8.4 (inclusive) Devel and Beta versions are probably also affected, but are not suitable for production and thus […]

$AllowedSender not honored

By Adiscon SupportPosted on December 4, 2008May 30, 2018Posted in Security AdvisoriesTagged $AllowedSender, rsyslog

A primitive way of access control is offered in rsyslog via the $AllowedSender configuration directive. It permits the operator to specify hosts from which messages are being accepted. If the directive is not specified, messages from all hosts are accepted. If it is, the set is limited to those senders that match the configured criteria […]

SQL Injection Vulnerability in rsyslogd

By Adiscon SupportPosted on September 23, 2005May 30, 2018Posted in Security AdvisoriesTagged rsyslog, SQL Injection

An SQL injection vulnerability was found in all rsyslog releases prior to the ones announced on 2005-09-23. An attacker can send a specifically-crafted syslog message to rsyslogd and potentially take ownership of the machine. This can be locally exploited if rsyslogd is listening on the local socket. Wes assume it is doing this in almost […]