PT-2014-1869 · Rsyslog+7 · Rsyslog+7

Rainer Gerhards

Publicado

2014-10-01

Atualizado

2024-06-15

CVE-2014-3634

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions rsyslog versions prior to 7.6.6 rsyslog 8.x versions prior to 8.4.1 sysklogd version 1.5 and earlier

Description The issue allows remote attackers to cause a denial of service, possibly execute arbitrary code, or have other unspecified impact via a crafted priority value that triggers an out-of-bounds array access. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.

Recommendations For rsyslog versions prior to 7.6.6, update to version 7.6.6 or later. For rsyslog 8.x versions prior to 8.4.1, update to version 8.4.1 or later. For sysklogd version 1.5 and earlier, update to a version later than 1.5. As a temporary workaround, consider restricting access to the service to minimize the risk of exploitation.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-189

Identificadores relacionados

ALT-PU-2014-2253

BDU:2015-07514

BDU:2015-07515

BDU:2015-07516

BDU:2015-07517

BDU:2015-07518

BDU:2015-07519

BDU:2015-07520

BDU:2015-07521

BDU:2015-07522

BDU:2015-07523

BDU:2015-07524

BDU:2015-07525

BDU:2015-07526

BDU:2015-07527

BDU:2015-07528

BDU:2015-07529

BDU:2015-07530

BDU:2015-07531

BDU:2015-07532

BDU:2015-07533

BDU:2015-07534

BDU:2015-07535

BDU:2015-07536

BDU:2015-07537

BDU:2015-07538

BDU:2015-07539

BDU:2015-07540

BDU:2015-07541

BDU:2015-07542

BDU:2015-07543

BDU:2015-07544

BDU:2015-07545

BDU:2015-07546

BDU:2015-07547

BDU:2015-07548

BDU:2015-07549

BDU:2015-07550

BDU:2015-07551

BDU:2015-07552

BDU:2015-09152

BDU:2015-09153

BDU:2015-09154

BDU:2015-09155

BDU:2015-09156

BDU:2015-09157

BDU:2015-09158

BDU:2015-09159

BDU:2015-09160

BDU:2015-09161

BDU:2015-09162

BDU:2015-09163

BDU:2015-09164

BDU:2015-09165

BDU:2015-09166

BDU:2015-09167

BDU:2015-09168

BDU:2015-09169

BDU:2015-09170

BDU:2015-09171

BDU:2015-09172

BDU:2015-09173

BDU:2015-09174

BDU:2015-09175

BDU:2015-09176

BDU:2015-09177

BDU:2015-09178

BDU:2015-09179

BDU:2015-09180

BDU:2015-09181

BDU:2015-09182

BDU:2015-09183

BDU:2015-09184

BDU:2015-09185

BDU:2015-09186

BDU:2015-09187

BDU:2015-09188

BDU:2015-09189

BDU:2015-09190

BDU:2015-09771

CESA-2014_1397

CESA-2014_1654

CESA-2014_1671

CVE-2014-3634

DLA-72-1

DSA-3040-1

MGASA-2014-0411

OPENSUSE-SU-2024:10155-1

OPENSUSE-SU-2024:10498-1

RHSA-2014:1397

RHSA-2014:1654

RHSA-2014:1671

RHSA-2014_1397

RHSA-2014_1654

RHSA-2014_1671

SUSE-SU-2014_1294-1

SUSE-SU-2014_1438-1

USN-2381-1

Produtos afetados

Alt Linux

Centos

Ibm Aix

Red Hat

Suse

Ubuntu

Rsyslog

Sysklogd

PT-2014-1869 · Rsyslog+7 · Rsyslog+7

CVE-2014-3634

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 159