PT-2017-4326 · Rsyslog+5 · Rsyslog+5

Joel Miller

Publicado

2017-05-16

Atualizado

2022-10-06

CVE-2018-16881

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: rsyslog versions prior to 8.27.0

Description: The issue is related to an integer overflow in the imptcp module of the Rsyslog log processing utility. It allows a remote attacker to cause a denial of service. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.

Recommendations: For versions prior to 8.27.0, update to version 8.27.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the imptcp socket to minimize the risk of exploitation.

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2017-1745

BDU:2023-07785

CESA-2019_2110

CVE-2018-16881

DLA-3016-1

MGASA-2019-0110

OPENSUSE-SU-2019_0154-1

RHSA-2019:2110

RHSA-2019:2437

RHSA-2019:2439

RHSA-2019_2110

SUSE-SU-2019:0209-1

USN-5419-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Rsyslog

PT-2017-4326 · Rsyslog+5 · Rsyslog+5

CVE-2018-16881

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33