CVE-2014-3634 – rsyslog: remote syslog PRI vulnerability
https://notcve.org/view.php?id=CVE-2014-3634
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon.

• http://advisories.mageia.org/MGASA-2014-0411.html
• http://linux.oracle.com/errata/ELSA-2014-1654
• http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html
• http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html
• http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html
• http://rhn.redhat.com/errata/RHSA-2014-1397.html
• http://rhn.redhat.com/errata/RHSA-2014-1654.html
• http://rhn.redhat.com/errata/RHSA-2014-1671.html
• http://secunia.com/advisories/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4758
https://notcve.org/view.php?id=CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

• http://www.openwall.com/lists/oss-security/2013/07/05/2
• http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released
• http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released
• CWE-399: Resource Management Errors
CVE-2011-4623 – rsyslog: DoS due to integer signedness error while extending rsyslog counted string buffer
https://notcve.org/view.php?id=CVE-2011-4623
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

• http://bugzilla.adiscon.com/show_bug.cgi?id=221
• http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c13f6dc4ec4101
• http://rsyslog.com/changelog-for-4-6-6-v4-stable
• http://rsyslog.com/changelog-for-5-7-4-v5-beta
• http://rsyslog.com/changelog-for-6-1-4-devel
• http://secunia.com/advisories/45848
• http://secunia.com/advisories/47698
• http://www.openwall.com/lists/oss-security/2011/12/22/2
• http://www.securityfocus.com/bid/51171
• http://www.securi
• CWE-189: Numeric Errors
CVE-2011-3200 – rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
https://notcve.org/view.php?id=CVE-2011-3200
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.

• http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=1ca6cc236d1dabf1633238b873fb1c057e52f95e
• http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065837.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065941.html
• http://lists.opensuse.org/opensuse-updates/2011-09/msg00013.html
• http://secunia.com/advisories/45922
• http://secunia.com/advisories/46027
• http://securitytracker.com/id?1026000
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:134
• http://w
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5617
https://notcve.org/view.php?id=CVE-2008-5617
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow the $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.

• http://secunia.com/advisories/32857
• http://www.rsyslog.com/Article322.phtml
• http://www.rsyslog.com/Article327.phtml
• http://www.rsyslog.com/Topic4.phtml
• http://www.securityfocus.com/bid/32630
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47080
• CWE-264: Permissions, Privileges, and Access Controls