Arch Linux Security Advisory ASA-201410-5 ========================================= Severity: Medium Date : 2014-10-08 CVE-ID : CVE-2014-3683 Package : rsyslog Type : Denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The package rsyslog before version 8.4.2-1 is vulnerable to a remote denial of service. Resolution ========== Upgrade to 8.4.2-1. # pacman -Syu "rsyslog>=8.4.2-1" The problem has been fixed upstream in version 8.4.2. Workaround ========== It is possible to prevent unauthorized remote hosts from sending syslog messages to vulnerable hosts, for example by using a firewall. Description =========== The rsyslog fix shipped in 8.4.1 for an invalid PRI value (see ASA-201410-1) was incomplete, as it did not cover cases where PRI values
MAX_INT. These values caused an integer overflow, resulting in negative values.
Sending a syslog message containing an invalid PRI value to a vulnerable rsyslog server accepting remote message will trigger a denial of service by crashing the rsyslog process. Impact ====== A remote attacker authorized to send syslog messages can cause the syslog server to segfault, causing a denial of service. According to the rsyslog project leader, under certain preconditions it may possibly lead to remote code execution [1]. The default configuration is safe from these preconditions. References ========== [1] http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3683