[arch-security] [Arch Linux Security Advisory ASA-201410-5] rsyslog: remote denial of service
Remi Gacogne
rgacogne-arch at coredump.fr
Wed Oct 8 12:23:13 UTC 2014
Arch Linux Security Advisory ASA-201410-5
=========================================
Severity: Medium
Date : 2014-10-08
CVE-ID : CVE-2014-3683
Package : rsyslog
Type : Denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
Summary
=======
The package rsyslog before version 8.4.2-1 is vulnerable to a remote
denial of service.
Resolution
==========
Upgrade to 8.4.2-1.
# pacman -Syu "rsyslog>=8.4.2-1"
The problem has been fixed upstream in version 8.4.2.
Workaround
==========
It is possible to prevent unauthorized remote hosts from sending syslog
messages to vulnerable hosts, for example by using a firewall.
Description
===========
The rsyslog fix shipped in 8.4.1 for an invalid PRI value (see
ASA-201410-1) was incomplete, as it did not cover cases where PRI values
> MAX_INT. These values caused an integer overflow, resulting in
negative values.
Sending a syslog message containing an invalid PRI value to a vulnerable
rsyslog server accepting remote message will trigger a denial of service
by crashing the rsyslog process.
Impact
======
A remote attacker authorized to send syslog messages can cause the
syslog server to segfault, causing a denial of service. According to the
rsyslog project leader, under certain preconditions it may possibly lead
to remote code execution [1]. The default configuration is safe from
these preconditions.
References
==========
[1] http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3683
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20141008/21b671b7/attachment.bin>
More information about the arch-security
mailing list