PT-2014-1869 · Rsyslog +7

Rainer Gerhards · Published 2014-10-01 · Updated 2024-06-15 · CVE-2014-3634

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

rsyslog versions prior to 7.6.6
rsyslog 8.x versions prior to 8.4.1
sysklogd version 1.5 and earlier

Description

The issue allows remote attackers to cause a denial of service, possibly execute arbitrary code, or have other unspecified impact via a crafted priority value that triggers an out-of-bounds array access. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.

Recommendations

For rsyslog versions prior to 7.6.6, update to version 7.6.6 or later.
For rsyslog 8.x versions prior to 8.4.1, update to version 8.4.1 or later.
For sysklogd version 1.5 and earlier, update to a version later than 1.5.
As a temporary workaround, consider restricting access to the service to minimize the risk of exploitation.
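
One way to guard a table lookup against an out-of-range priority value, shown as an added example that is not rsyslog or sysklogd code. It parses the `<PRI>` header of a syslog message and rejects anything above 191 (the RFC 5424 maximum: 24 facilities with 8 severities each) before the value is used as an index; the function and table names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Added example; names are hypothetical, not taken from rsyslog or sysklogd. */
#define PRI_MAX 191            /* 23 * 8 + 7: highest PRI defined by RFC 5424 */
#define NUM_FACILITIES 24

static const char *const facility_names[NUM_FACILITIES] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Parse "<NNN>" at the start of msg. Returns 0 and fills facility/severity
 * on success, -1 if the header is malformed or the value exceeds PRI_MAX. */
int parse_pri(const char *msg, int *facility, int *severity)
{
    int pri = 0;
    size_t i = 1;

    if (msg == NULL || msg[0] != '<')
        return -1;
    /* RFC 5424 allows 1 to 3 digits; stopping at 3 also rules out int overflow. */
    while (i <= 3 && msg[i] >= '0' && msg[i] <= '9') {
        pri = pri * 10 + (msg[i] - '0');
        i++;
    }
    if (i == 1 || msg[i] != '>')
        return -1;
    if (pri > PRI_MAX)          /* range check before pri is ever used as an index */
        return -1;
    *facility = pri >> 3;       /* 0..23 */
    *severity = pri & 7;        /* 0..7 */
    return 0;
}

/* Table lookup that can only be reached with a validated facility. */
const char *facility_of(const char *msg)
{
    int fac, sev;
    if (parse_pri(msg, &fac, &sev) != 0)
        return "invalid";
    return facility_names[fac];
}
```

Messages that fail the check are reported as "invalid" here; a real daemon would decide separately whether to drop them or log them under a fixed default priority.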

Exploit · Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2253
BDU:2015-07514
BDU:2015-07515
BDU:2015-07516
BDU:2015-07517
BDU:2015-07518
BDU:2015-07519
BDU:2015-07520
BDU:2015-07521
BDU:2015-07522
BDU:2015-07523
BDU:2015-07524
BDU:2015-07525
BDU:2015-07526
BDU:2015-07527
BDU:2015-07528
BDU:2015-07529
BDU:2015-07530
BDU:2015-07531
BDU:2015-07532
BDU:2015-07533
BDU:2015-07534
BDU:2015-07535
BDU:2015-07536
BDU:2015-07537
BDU:2015-07538
BDU:2015-07539
BDU:2015-07540
BDU:2015-07541
BDU:2015-07542
BDU:2015-07543
BDU:2015-07544
BDU:2015-07545
BDU:2015-07546
BDU:2015-07547
BDU:2015-07548
BDU:2015-07549
BDU:2015-07550
BDU:2015-07551
BDU:2015-07552
BDU:2015-09152
BDU:2015-09153
BDU:2015-09154
BDU:2015-09155
BDU:2015-09156
BDU:2015-09157
BDU:2015-09158
BDU:2015-09159
BDU:2015-09160
BDU:2015-09161
BDU:2015-09162
BDU:2015-09163
BDU:2015-09164
BDU:2015-09165
BDU:2015-09166
BDU:2015-09167
BDU:2015-09168
BDU:2015-09169
BDU:2015-09170
BDU:2015-09171
BDU:2015-09172
BDU:2015-09173
BDU:2015-09174
BDU:2015-09175
BDU:2015-09176
BDU:2015-09177
BDU:2015-09178
BDU:2015-09179
BDU:2015-09180
BDU:2015-09181
BDU:2015-09182
BDU:2015-09183
BDU:2015-09184
BDU:2015-09185
BDU:2015-09186
BDU:2015-09187
BDU:2015-09188
BDU:2015-09189
BDU:2015-09190
BDU:2015-09771
CESA-2014_1397
CESA-2014_1654
CESA-2014_1671
CVE-2014-3634
DLA-72-1
DSA-3040-1
MGASA-2014-0411
OPENSUSE-SU-2024:10155-1
OPENSUSE-SU-2024:10498-1
RHSA-2014:1397
RHSA-2014:1654
RHSA-2014:1671
RHSA-2014_1397
RHSA-2014_1654
RHSA-2014_1671
SUSE-SU-2014_1294-1
SUSE-SU-2014_1438-1
USN-2381-1

Affected Products

Alt Linux
CentOS
IBM AIX
Red Hat
SUSE
Ubuntu
Rsyslog
Sysklogd