ID 8E0E86FF-48B5-11E4-AB80-000C29F6AE42 Type freebsd Reporter FreeBSD Modified 2014-10-02T00:00:00
Description
The rsyslog project reports:
potential abort when a message with PRI > 191 was processed
if the "pri-text" property was used in active templates,
this could be abused to a remote denial of service from
permitted senders
The original fix for CVE-2014-3634 was not adequate.
{"id": "8E0E86FF-48B5-11E4-AB80-000C29F6AE42", "bulletinFamily": "unix", "title": "rsyslog -- remote syslog PRI vulnerability", "description": "\nThe rsyslog project reports:\n\npotential abort when a message with PRI > 191 was processed\n\t if the \"pri-text\" property was used in active templates,\n\t this could be abused to a remote denial of service from\n\t permitted senders\nThe original fix for CVE-2014-3634 was not adequate.\n\n", "published": "2014-09-30T00:00:00", "modified": "2014-10-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/8e0e86ff-48b5-11e4-ab80-000c29f6ae42.html", "reporter": "FreeBSD", "references": ["http://www.rsyslog.com/remote-syslog-pri-vulnerability/"], "cvelist": ["CVE-2014-3634"], "type": "freebsd", "lastseen": "2018-08-31T01:14:47", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "rsyslog8", "packageVersion": "8.4.2"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "rsyslog", "packageVersion": "7.6.7"}], "bulletinFamily": "unix", "cvelist": ["CVE-2014-3634"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nThe rsyslog project reports:\n\npotential abort when a message with PRI > 191 was processed\n\t if the \"pri-text\" property was used in active templates,\n\t this could be abused to a remote denial of service from\n\t permitted senders\nThe original fix for CVE-2014-3634 was not adequate.\n\n", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "012f33bec076e7a6634d228687a0e6cc39c226d6d1334486b5cd99cec09a967f", "hashmap": [{"hash": "dc91fca8e440cc213161b6ff25c39cdc", "key": "cvelist"}, {"hash": "3fa4bba9414d8a9e54d94b3356658979", "key": "title"}, {"hash": "f1e0ad9087f17ea7c6d61ab88cdb570a", "key": "published"}, {"hash": "5bddbae45dffded383b0ff66546e6a84", "key": "references"}, {"hash": "e1693a88647ed918fc491c7f64dec35d", "key": "href"}, {"hash": "b32902ce17afa92a1015b0da7cc339b1", "key": "modified"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "f104616bc91ba78ff2eba7a838251e3d", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "6d37e2d0d601a02619723638194733d0", "key": "affectedPackage"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/8e0e86ff-48b5-11e4-ab80-000c29f6ae42.html", "id": "8E0E86FF-48B5-11E4-AB80-000C29F6AE42", "lastseen": "2018-08-30T19:14:38", "modified": "2014-10-02T00:00:00", "objectVersion": "1.3", "published": "2014-09-30T00:00:00", "references": ["http://www.rsyslog.com/remote-syslog-pri-vulnerability/"], "reporter": "FreeBSD", "title": "rsyslog -- remote syslog PRI vulnerability", "type": "freebsd", "viewCount": 3}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:14:38"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "rsyslog8", "packageVersion": "8.4.2"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "rsyslog", "packageVersion": "7.6.7"}], "bulletinFamily": "unix", "cvelist": ["CVE-2014-3634"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nThe rsyslog project reports:\n\npotential abort when a message with PRI > 191 was processed\n\t if the \"pri-text\" property was used in active templates,\n\t this could be abused to a remote denial of service from\n\t permitted senders\nThe original fix for CVE-2014-3634 was not adequate.\n\n", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e48d78ebc9e38415c684fcd042f8c203447cf8c243f46a3a758e5d9edc185444", "hashmap": [{"hash": "dc91fca8e440cc213161b6ff25c39cdc", "key": "cvelist"}, {"hash": "3fa4bba9414d8a9e54d94b3356658979", "key": "title"}, {"hash": "f1e0ad9087f17ea7c6d61ab88cdb570a", "key": "published"}, {"hash": "5bddbae45dffded383b0ff66546e6a84", "key": "references"}, {"hash": "e1693a88647ed918fc491c7f64dec35d", "key": "href"}, {"hash": "b32902ce17afa92a1015b0da7cc339b1", "key": "modified"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "f104616bc91ba78ff2eba7a838251e3d", "key": "description"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "6d37e2d0d601a02619723638194733d0", "key": "affectedPackage"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/8e0e86ff-48b5-11e4-ab80-000c29f6ae42.html", "id": "8E0E86FF-48B5-11E4-AB80-000C29F6AE42", "lastseen": "2016-09-26T17:24:23", "modified": "2014-10-02T00:00:00", "objectVersion": "1.2", "published": "2014-09-30T00:00:00", "references": ["http://www.rsyslog.com/remote-syslog-pri-vulnerability/"], "reporter": "FreeBSD", "title": "rsyslog -- remote syslog PRI vulnerability", "type": "freebsd", "viewCount": 3}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:23"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "6d37e2d0d601a02619723638194733d0"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "dc91fca8e440cc213161b6ff25c39cdc"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "f104616bc91ba78ff2eba7a838251e3d"}, {"key": "href", "hash": "e1693a88647ed918fc491c7f64dec35d"}, {"key": "modified", "hash": "b32902ce17afa92a1015b0da7cc339b1"}, {"key": "published", "hash": "f1e0ad9087f17ea7c6d61ab88cdb570a"}, {"key": "references", "hash": "5bddbae45dffded383b0ff66546e6a84"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "3fa4bba9414d8a9e54d94b3356658979"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "e48d78ebc9e38415c684fcd042f8c203447cf8c243f46a3a758e5d9edc185444", "viewCount": 8, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3634"]}, {"type": "f5", "idList": ["F5:K42903299"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703040", "OPENVAS:1361412562310868402", "OPENVAS:703040", "OPENVAS:1361412562310123273", "OPENVAS:1361412562310123292", "OPENVAS:1361412562310120428", "OPENVAS:1361412562310123271", "OPENVAS:1361412562310868426", "OPENVAS:1361412562310868427", "OPENVAS:1361412562310871279"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1671", "ELSA-2014-1397", "ELSA-2014-1654"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-1671.NASL", "CENTOS_RHSA-2014-1397.NASL", "MANDRIVA_MDVSA-2015-130.NASL", "FEDORA_2014-12910.NASL", "CENTOS_RHSA-2014-1654.NASL", "SL_20141020_RSYSLOG5_AND_RSYSLOG_ON_SL5_X.NASL", "FEDORA_2014-12563.NASL", "DEBIAN_DSA-3040.NASL", "REDHAT-RHSA-2014-1397.NASL", "REDHAT-RHSA-2014-1654.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31136", "SECURITYVULNS:VULN:13992"]}, {"type": "centos", "idList": ["CESA-2014:1397", "CESA-2014:1671", "CESA-2014:1654"]}, {"type": "amazon", "idList": ["ALAS-2014-445"]}, {"type": "redhat", "idList": ["RHSA-2014:1654", "RHSA-2014:1671", "RHSA-2014:1397"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3040-1:980BB", "DEBIAN:DSA-3047-1:99667", "DEBIAN:DLA-72-1:3BAFB"]}, {"type": "archlinux", "idList": ["ASA-201410-1"]}, {"type": "suse", "idList": ["SUSE-SU-2014:1294-1"]}, {"type": "ubuntu", "idList": ["USN-2381-1"]}, {"type": "aix", "idList": ["RSYSLOG_ADVISORY.ASC"]}, {"type": "gentoo", "idList": ["GLSA-201412-35"]}], "modified": "2018-08-31T01:14:47"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "rsyslog8", "packageVersion": "8.4.2"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "rsyslog", "packageVersion": "7.6.7"}]}
{"cve": [{"lastseen": "2017-04-18T15:54:56", "bulletinFamily": "NVD", "description": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.", "modified": "2016-10-17T23:44:09", "published": "2014-11-01T20:55:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3634", "id": "CVE-2014-3634", "title": "CVE-2014-3634", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-07-06T08:26:02", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned JIRA ID CPF-24072, CPF-24073, and CPF-24074 (Traffix) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| High| rsyslog\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-07-06T08:02:00", "published": "2017-07-06T08:02:00", "href": "https://support.f5.com/csp/article/K42903299", "id": "F5:K42903299", "title": "rsyslog: remote syslog PRI vulnerability CVE-2014-3634", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:21:11", "bulletinFamily": "scanner", "description": "Updated rsyslog packages fix security vulnerability :\n\nRainer Gerhards, the rsyslog project leader, reported a vulnerability\nin Rsyslog. As a consequence of this vulnerability an attacker can\nsend malformed messages to a server, if this one accepts data from\nuntrusted sources, and trigger a denial of service attack\n(CVE-2014-3634).", "modified": "2018-07-19T00:00:00", "published": "2015-03-30T00:00:00", "id": "MANDRIVA_MDVSA-2015-130.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82383", "title": "Mandriva Linux Security Advisory : rsyslog (MDVSA-2015:130)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:130. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82383);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_xref(name:\"MDVSA\", value:\"2015:130\");\n\n script_name(english:\"Mandriva Linux Security Advisory : rsyslog (MDVSA-2015:130)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rsyslog packages fix security vulnerability :\n\nRainer Gerhards, the rsyslog project leader, reported a vulnerability\nin Rsyslog. As a consequence of this vulnerability an attacker can\nsend malformed messages to a server, if this one accepts data from\nuntrusted sources, and trigger a denial of service attack\n(CVE-2014-3634).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0411.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-dbi-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-docs-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-gnutls-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-gssapi-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-mysql-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-pgsql-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-relp-5.10.1-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"rsyslog-snmp-5.10.1-3.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:53", "bulletinFamily": "scanner", "description": "Updated rsyslog packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon or, potentially, execute arbitrary\ncode as the user running the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted\nautomatically.", "modified": "2018-11-10T00:00:00", "published": "2014-10-14T00:00:00", "id": "CENTOS_RHSA-2014-1397.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78397", "title": "CentOS 7 : rsyslog (CESA-2014:1397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1397 and \n# CentOS Errata and Security Advisory 2014:1397 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_xref(name:\"RHSA\", value:\"2014:1397\");\n\n script_name(english:\"CentOS 7 : rsyslog (CESA-2014:1397)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rsyslog packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon or, potentially, execute arbitrary\ncode as the user running the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-October/020681.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46875aa8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-libdbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-mmaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-mmsnmptrapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-udpspoof\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-crypto-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-doc-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-elasticsearch-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-gnutls-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-gssapi-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-libdbi-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-mmaudit-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-mmjsonparse-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-mmnormalize-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-mmsnmptrapd-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-mysql-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-pgsql-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-relp-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-snmp-7.4.7-7.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rsyslog-udpspoof-7.4.7-7.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:57", "bulletinFamily": "scanner", "description": "Updated rsyslog5 and rsyslog packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing the update, the rsyslog service will be restarted\nautomatically.", "modified": "2018-11-26T00:00:00", "published": "2014-10-21T00:00:00", "id": "REDHAT-RHSA-2014-1671.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78595", "title": "RHEL 5 / 6 : rsyslog5 and rsyslog (RHSA-2014:1671)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1671. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78595);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_bugtraq_id(70243);\n script_xref(name:\"RHSA\", value:\"2014:1671\");\n\n script_name(english:\"RHEL 5 / 6 : rsyslog5 and rsyslog (RHSA-2014:1671)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rsyslog5 and rsyslog packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing the update, the rsyslog service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3634\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1671\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-debuginfo-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-debuginfo-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-debuginfo-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-gnutls-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-gnutls-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-gnutls-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-gssapi-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-gssapi-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-gssapi-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-mysql-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-mysql-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-mysql-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-pgsql-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-pgsql-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-pgsql-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rsyslog5-snmp-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rsyslog5-snmp-5.8.12-5.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rsyslog5-snmp-5.8.12-5.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-debuginfo-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-debuginfo-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-debuginfo-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-gnutls-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-gnutls-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-gnutls-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-gssapi-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-gssapi-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-gssapi-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-mysql-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-mysql-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-mysql-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-pgsql-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-pgsql-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-pgsql-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-relp-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-relp-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-relp-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rsyslog-snmp-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rsyslog-snmp-5.8.10-9.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rsyslog-snmp-5.8.10-9.el6_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog / rsyslog-debuginfo / rsyslog-gnutls / rsyslog-gssapi / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:58", "bulletinFamily": "scanner", "description": "Updated rsyslog5 and rsyslog packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing the update, the rsyslog service will be restarted\nautomatically.", "modified": "2018-11-10T00:00:00", "published": "2014-10-22T00:00:00", "id": "CENTOS_RHSA-2014-1671.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78607", "title": "CentOS 5 / 6 : rsyslog / rsyslog5 (CESA-2014:1671)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1671 and \n# CentOS Errata and Security Advisory 2014:1671 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78607);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_bugtraq_id(70187, 70243);\n script_xref(name:\"RHSA\", value:\"2014:1671\");\n\n script_name(english:\"CentOS 5 / 6 : rsyslog / rsyslog5 (CESA-2014:1671)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rsyslog5 and rsyslog packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing the update, the rsyslog service will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-October/020699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51eeab03\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2014-October/001483.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea896841\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog and / or rsyslog5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog5-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog5-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsyslog5-5.8.12-5.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsyslog5-gnutls-5.8.12-5.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsyslog5-gssapi-5.8.12-5.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsyslog5-mysql-5.8.12-5.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsyslog5-pgsql-5.8.12-5.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rsyslog5-snmp-5.8.12-5.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-5.8.10-9.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-gnutls-5.8.10-9.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-gssapi-5.8.10-9.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-mysql-5.8.10-9.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-pgsql-5.8.10-9.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-relp-5.8.10-9.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog-snmp-5.8.10-9.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:47", "bulletinFamily": "scanner", "description": "The rsyslog project reports :\n\npotential abort when a message with PRI > 191 was processed if the\n'pri-text' property was used in active templates, this could be abused\nto a remote denial of service from permitted senders\n\nThe original fix for CVE-2014-3634 was not adequate.", "modified": "2018-11-21T00:00:00", "published": "2014-10-01T00:00:00", "id": "FREEBSD_PKG_8E0E86FF48B511E4AB80000C29F6AE42.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78003", "title": "FreeBSD : rsyslog -- remote syslog PRI vulnerability (8e0e86ff-48b5-11e4-ab80-000c29f6ae42)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78003);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2014-3634\");\n\n script_name(english:\"FreeBSD : rsyslog -- remote syslog PRI vulnerability (8e0e86ff-48b5-11e4-ab80-000c29f6ae42)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The rsyslog project reports :\n\npotential abort when a message with PRI > 191 was processed if the\n'pri-text' property was used in active templates, this could be abused\nto a remote denial of service from permitted senders\n\nThe original fix for CVE-2014-3634 was not adequate.\"\n );\n # http://www.rsyslog.com/remote-syslog-pri-vulnerability/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.rsyslog.com/remote-syslog-pri-vulnerability/\"\n );\n # https://vuxml.freebsd.org/freebsd/8e0e86ff-48b5-11e4-ab80-000c29f6ae42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2936f11f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rsyslog8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rsyslog<7.6.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rsyslog8<8.4.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:53", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2014:1397 :\n\nUpdated rsyslog packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon or, potentially, execute arbitrary\ncode as the user running the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted\nautomatically.", "modified": "2018-07-18T00:00:00", "published": "2014-10-14T00:00:00", "id": "ORACLELINUX_ELSA-2014-1397.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78404", "title": "Oracle Linux 7 : rsyslog (ELSA-2014-1397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1397 and \n# Oracle Linux Security Advisory ELSA-2014-1397 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78404);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_bugtraq_id(70187);\n script_xref(name:\"RHSA\", value:\"2014:1397\");\n\n script_name(english:\"Oracle Linux 7 : rsyslog (ELSA-2014-1397)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1397 :\n\nUpdated rsyslog packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon or, potentially, execute arbitrary\ncode as the user running the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-October/004516.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-libdbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-mmaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-mmsnmptrapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rsyslog-udpspoof\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-crypto-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-doc-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-elasticsearch-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-gnutls-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-gssapi-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-libdbi-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-mmaudit-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-mmjsonparse-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-mmnormalize-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-mmsnmptrapd-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-mysql-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-pgsql-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-relp-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-snmp-7.4.7-7.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rsyslog-udpspoof-7.4.7-7.0.1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog / rsyslog-crypto / rsyslog-doc / rsyslog-elasticsearch / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:01", "bulletinFamily": "scanner", "description": "Added patch for remote syslog PRI vulnerability (#1142373)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-11-03T00:00:00", "id": "FEDORA_2014-12875.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78793", "title": "Fedora 21 : sysklogd-1.5-18.fc21 (2014-12875)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-12875.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78793);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:14:41 $\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_bugtraq_id(70243);\n script_xref(name:\"FEDORA\", value:\"2014-12875\");\n\n script_name(english:\"Fedora 21 : sysklogd-1.5-18.fc21 (2014-12875)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Added patch for remote syslog PRI vulnerability (#1142373)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1142373\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/141872.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ba4e916\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sysklogd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sysklogd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"sysklogd-1.5-18.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sysklogd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:13", "bulletinFamily": "scanner", "description": "A flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon. (CVE-2014-3634)", "modified": "2018-04-18T00:00:00", "published": "2014-11-18T00:00:00", "id": "ALA_ALAS-2014-445.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79294", "title": "Amazon Linux AMI : rsyslog (ALAS-2014-445)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-445.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79294);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_xref(name:\"ALAS\", value:\"2014-445\");\n script_xref(name:\"RHSA\", value:\"2014:1671\");\n\n script_name(english:\"Amazon Linux AMI : rsyslog (ALAS-2014-445)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon. (CVE-2014-3634)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-445.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update rsyslog' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-5.8.10-9.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-debuginfo-5.8.10-9.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-gnutls-5.8.10-9.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-gssapi-5.8.10-9.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-mysql-5.8.10-9.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-pgsql-5.8.10-9.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rsyslog-snmp-5.8.10-9.26.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog / rsyslog-debuginfo / rsyslog-gnutls / rsyslog-gssapi / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:55", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-3634\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-10-16T00:00:00", "id": "FEDORA_2014-12563.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78493", "title": "Fedora 21 : rsyslog-7.4.10-5.fc21 (2014-12563)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-12563.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78493);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:14:41 $\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_bugtraq_id(70187);\n script_xref(name:\"FEDORA\", value:\"2014-12563\");\n\n script_name(english:\"Fedora 21 : rsyslog-7.4.10-5.fc21 (2014-12563)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-3634\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1142373\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140883.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ef2a9d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"rsyslog-7.4.10-5.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:11", "bulletinFamily": "scanner", "description": "Updated rsyslog7 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog7 packages provide an enhanced, multi-threaded syslog\ndaemon that supports writing to relational databases, syslog/TCP, RFC\n3195, permitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon or, potentially, execute arbitrary\ncode as the user running the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog7 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted\nautomatically.", "modified": "2018-11-10T00:00:00", "published": "2014-11-12T00:00:00", "id": "CENTOS_RHSA-2014-1654.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79187", "title": "CentOS 6 : rsyslog7 (CESA-2014:1654)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1654 and \n# CentOS Errata and Security Advisory 2014:1654 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79187);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-3634\");\n script_bugtraq_id(70243);\n script_xref(name:\"RHSA\", value:\"2014:1654\");\n\n script_name(english:\"CentOS 6 : rsyslog7 (CESA-2014:1654)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rsyslog7 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe rsyslog7 packages provide an enhanced, multi-threaded syslog\ndaemon that supports writing to relational databases, syslog/TCP, RFC\n3195, permitted sender lists, filtering on any message part, and fine\ngrained output format control.\n\nA flaw was found in the way rsyslog handled invalid log message\npriority values. In certain configurations, a local attacker, or a\nremote attacker able to connect to the rsyslog port, could use this\nflaw to crash the rsyslog daemon or, potentially, execute arbitrary\ncode as the user running the rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog7 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2014-October/001478.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03d3c19f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog7 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rsyslog7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-elasticsearch-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-gnutls-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-gssapi-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-mysql-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-pgsql-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-relp-7.4.10-3.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rsyslog7-snmp-7.4.10-3.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:21", "bulletinFamily": "unix", "description": "[5.8.12-5.0.1]\n- use setsid() to get a controlling session and process group [Orabug: 17364545]\n[5.8.12-5]\n- fix CVE-2014-3634\n resolves: #1149158", "modified": "2014-10-20T00:00:00", "published": "2014-10-20T00:00:00", "id": "ELSA-2014-1671", "href": "http://linux.oracle.com/errata/ELSA-2014-1671.html", "title": "rsyslog5 and rsyslog security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:47:14", "bulletinFamily": "unix", "description": "[7.4.10-3]\n- fix CVE-2014-3634\n resolves: #1149150", "modified": "2014-10-21T00:00:00", "published": "2014-10-21T00:00:00", "id": "ELSA-2014-1654", "href": "http://linux.oracle.com/errata/ELSA-2014-1654.html", "title": "rsyslog7 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:44:57", "bulletinFamily": "unix", "description": "[7.4.7-7.0.1]\n- use setsid() to get a controlling session and process group [Orabug: 17346261] (Todd Vierling)\n[7.4.7-7]\n- fix CVE-2014-3634\n resolves: #1149152", "modified": "2014-10-13T00:00:00", "published": "2014-10-13T00:00:00", "id": "ELSA-2014-1397", "href": "http://linux.oracle.com/errata/ELSA-2014-1397.html", "title": "rsyslog security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:55:19", "bulletinFamily": "scanner", "description": "Rainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability an attacker can send malformed messages to a server, if\nthis one accepts data from untrusted sources, and trigger a denial of\nservice attack.", "modified": "2018-04-06T00:00:00", "published": "2014-09-30T00:00:00", "id": "OPENVAS:1361412562310703040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703040", "title": "Debian Security Advisory DSA 3040-1 (rsyslog - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3040.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3040-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703040\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-3634\");\n script_name(\"Debian Security Advisory DSA 3040-1 (rsyslog - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-09-30 00:00:00 +0200 (Tue, 30 Sep 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3040.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rsyslog on Debian Linux\");\n script_tag(name: \"insight\", value: \"Rsyslog is a multi-threaded implementation of syslogd (a system utility\nproviding support for message logging), with features that include:\n\n* reliable syslog over TCP, SSL/TLS and RELP\n* on-demand disk buffering\n* email alerting\n* writing to MySQL or PostgreSQL databases (via separate output plugins)\n* permitted sender lists\n* filtering on any part of the syslog message\n* on-the-wire message compression\n* fine-grained output format control\n* failover to backup destinations\n* enterprise-class encrypted syslog relaying\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.4.1-1.\n\nWe recommend that you upgrade your rsyslog packages.\");\n script_tag(name: \"summary\", value: \"Rainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability an attacker can send malformed messages to a server, if\nthis one accepts data from untrusted sources, and trigger a denial of\nservice attack.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:02", "bulletinFamily": "scanner", "description": "Check the version of sysklogd", "modified": "2017-07-18T00:00:00", "published": "2014-10-27T00:00:00", "id": "OPENVAS:1361412562310868427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868427", "title": "Fedora Update for sysklogd FEDORA-2014-12910", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sysklogd FEDORA-2014-12910\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868427\");\n script_version(\"$Revision: 6750 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-27 05:46:56 +0100 (Mon, 27 Oct 2014)\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for sysklogd FEDORA-2014-12910\");\n script_tag(name: \"summary\", value: \"Check the version of sysklogd\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The sysklogd package contains two system utilities (syslogd and klogd)\nwhich provide support for system logging. Syslogd and klogd run as\ndaemons (background processes) and log system messages to different\nplaces, like sendmail logs, security logs, error logs, etc.\n\");\n script_tag(name: \"affected\", value: \"sysklogd on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-12910\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141380.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysklogd\", rpm:\"sysklogd~1.5~18.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:14:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-10-17T00:00:00", "id": "OPENVAS:1361412562310871273", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871273", "title": "RedHat Update for rsyslog7 RHSA-2014:1654-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for rsyslog7 RHSA-2014:1654-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871273\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 05:58:22 +0200 (Fri, 17 Oct 2014)\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for rsyslog7 RHSA-2014:1654-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rsyslog7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon or, potentially, execute arbitrary code as the user running\nthe rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog7 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the rsyslog service will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"rsyslog7 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1654-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-October/msg00032.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsyslog7\", rpm:\"rsyslog7~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog7-debuginfo\", rpm:\"rsyslog7-debuginfo~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog7-gnutls\", rpm:\"rsyslog7-gnutls~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog7-gssapi\", rpm:\"rsyslog7-gssapi~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog7-mysql\", rpm:\"rsyslog7-mysql~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog7-pgsql\", rpm:\"rsyslog7-pgsql~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog7-relp\", rpm:\"rsyslog7-relp~7.4.10~3.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-10-22T00:00:00", "id": "OPENVAS:1361412562310871279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871279", "title": "RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871279\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-22 06:01:39 +0200 (Wed, 22 Oct 2014)\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rsyslog5 and rsyslog'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"rsyslog5 and rsyslog on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1671-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-October/msg00038.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog-debuginfo\", rpm:\"rsyslog-debuginfo~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog-pgsql\", rpm:\"rsyslog-pgsql~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~5.8.10~9.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsyslog5\", rpm:\"rsyslog5~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog5-debuginfo\", rpm:\"rsyslog5-debuginfo~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog5-gnutls\", rpm:\"rsyslog5-gnutls~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog5-gssapi\", rpm:\"rsyslog5-gssapi~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog5-mysql\", rpm:\"rsyslog5-mysql~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog5-pgsql\", rpm:\"rsyslog5-pgsql~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsyslog5-snmp\", rpm:\"rsyslog5-snmp~5.8.12~5.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:20", "bulletinFamily": "scanner", "description": "Rainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability an attacker can send malformed messages to a server, if\nthis one accepts data from untrusted sources, and trigger a denial of\nservice attack.", "modified": "2017-07-11T00:00:00", "published": "2014-09-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703040", "id": "OPENVAS:703040", "title": "Debian Security Advisory DSA 3040-1 (rsyslog - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3040.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 3040-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703040);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-3634\");\n script_name(\"Debian Security Advisory DSA 3040-1 (rsyslog - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-09-30 00:00:00 +0200 (Tue, 30 Sep 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3040.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rsyslog on Debian Linux\");\n script_tag(name: \"insight\", value: \"Rsyslog is a multi-threaded implementation of syslogd (a system utility\nproviding support for message logging), with features that include:\n\n* reliable syslog over TCP, SSL/TLS and RELP\n* on-demand disk buffering\n* email alerting\n* writing to MySQL or PostgreSQL databases (via separate output plugins)\n* permitted sender lists\n* filtering on any part of the syslog message\n* on-the-wire message compression\n* fine-grained output format control\n* failover to backup destinations\n* enterprise-class encrypted syslog relaying\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.4.1-1.\n\nWe recommend that you upgrade your rsyslog packages.\");\n script_tag(name: \"summary\", value: \"Rainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability an attacker can send malformed messages to a server, if\nthis one accepts data from untrusted sources, and trigger a denial of\nservice attack.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-doc\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"5.8.11-3+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:07", "bulletinFamily": "scanner", "description": "Check the version of rsyslog", "modified": "2017-07-12T00:00:00", "published": "2014-10-16T00:00:00", "id": "OPENVAS:1361412562310868402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868402", "title": "Fedora Update for rsyslog FEDORA-2014-12503", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rsyslog FEDORA-2014-12503\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868402\");\n script_version(\"$Revision: 6692 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-16 05:58:37 +0200 (Thu, 16 Oct 2014)\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for rsyslog FEDORA-2014-12503\");\n script_tag(name: \"summary\", value: \"Check the version of rsyslog\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,\nsyslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,\nand fine grain output format control. It is compatible with stock sysklogd\nand can be used as a drop-in replacement. Rsyslog is simple to set up, with\nadvanced features suitable for enterprise-class, encryption-protected syslog\nrelay chains.\n\");\n script_tag(name: \"affected\", value: \"rsyslog on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-12503\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140896.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~7.4.8~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:18", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1671", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123273", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123273", "title": "Oracle Linux Local Check: ELSA-2014-1671", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1671.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123273\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:35 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1671\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1671 - rsyslog5 and rsyslog security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1671\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1671.html\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"rsyslog5\", rpm:\"rsyslog5~5.8.12~5.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog5-gnutls\", rpm:\"rsyslog5-gnutls~5.8.12~5.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog5-gssapi\", rpm:\"rsyslog5-gssapi~5.8.12~5.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog5-mysql\", rpm:\"rsyslog5-mysql~5.8.12~5.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog5-pgsql\", rpm:\"rsyslog5-pgsql~5.8.12~5.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog5-snmp\", rpm:\"rsyslog5-snmp~5.8.12~5.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-pgsql\", rpm:\"rsyslog-pgsql~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-snmp\", rpm:\"rsyslog-snmp~5.8.10~9.0.1.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:02", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1654", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123271", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123271", "title": "Oracle Linux Local Check: ELSA-2014-1654", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1654.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123271\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:34 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1654\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1654 - rsyslog7 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1654\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1654.html\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"rsyslog7\", rpm:\"rsyslog7~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-elasticsearch\", rpm:\"rsyslog7-elasticsearch~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-gnutls\", rpm:\"rsyslog7-gnutls~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-gssapi\", rpm:\"rsyslog7-gssapi~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-mysql\", rpm:\"rsyslog7-mysql~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-pgsql\", rpm:\"rsyslog7-pgsql~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-relp\", rpm:\"rsyslog7-relp~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog7-snmp\", rpm:\"rsyslog7-snmp~7.4.10~3.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:58", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1397", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123292", "title": "Oracle Linux Local Check: ELSA-2014-1397", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1397.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123292\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:51 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1397\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1397 - rsyslog security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1397\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1397.html\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-crypto\", rpm:\"rsyslog-crypto~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-doc\", rpm:\"rsyslog-doc~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-elasticsearch\", rpm:\"rsyslog-elasticsearch~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-libdbi\", rpm:\"rsyslog-libdbi~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-mmaudit\", rpm:\"rsyslog-mmaudit~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-mmnormalize\", rpm:\"rsyslog-mmnormalize~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-mmsnmptrapd\", rpm:\"rsyslog-mmsnmptrapd~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-pgsql\", rpm:\"rsyslog-pgsql~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-snmp\", rpm:\"rsyslog-snmp~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rsyslog-udpspoof\", rpm:\"rsyslog-udpspoof~7.4.7~7.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:45", "bulletinFamily": "scanner", "description": "Check the version of sysklogd", "modified": "2017-07-19T00:00:00", "published": "2014-10-27T00:00:00", "id": "OPENVAS:1361412562310868426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868426", "title": "Fedora Update for sysklogd FEDORA-2014-12878", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sysklogd FEDORA-2014-12878\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868426\");\n script_version(\"$Revision: 6759 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-27 05:46:55 +0100 (Mon, 27 Oct 2014)\");\n script_cve_id(\"CVE-2014-3634\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for sysklogd FEDORA-2014-12878\");\n script_tag(name: \"summary\", value: \"Check the version of sysklogd\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The sysklogd package contains two system utilities (syslogd and klogd)\nwhich provide support for system logging. Syslogd and klogd run as\ndaemons (background processes) and log system messages to different\nplaces, like sendmail logs, security logs, error logs, etc.\n\");\n script_tag(name: \"affected\", value: \"sysklogd on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-12878\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141388.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"sysklogd\", rpm:\"sysklogd~1.5~18.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:24", "bulletinFamily": "unix", "description": "The rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon or, potentially, execute arbitrary code as the user running\nthe rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the rsyslog service will be restarted automatically.\n", "modified": "2018-04-12T03:33:37", "published": "2014-10-13T04:00:00", "id": "RHSA-2014:1397", "href": "https://access.redhat.com/errata/RHSA-2014:1397", "type": "redhat", "title": "(RHSA-2014:1397) Important: rsyslog security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:32", "bulletinFamily": "unix", "description": "The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon or, potentially, execute arbitrary code as the user running\nthe rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog7 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the rsyslog service will be restarted automatically.\n", "modified": "2018-06-06T20:24:34", "published": "2014-10-16T04:00:00", "id": "RHSA-2014:1654", "href": "https://access.redhat.com/errata/RHSA-2014:1654", "type": "redhat", "title": "(RHSA-2014:1654) Important: rsyslog7 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:55", "bulletinFamily": "unix", "description": "The rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted automatically.\n", "modified": "2018-06-06T20:24:27", "published": "2014-10-20T04:00:00", "id": "RHSA-2014:1671", "href": "https://access.redhat.com/errata/RHSA-2014:1671", "type": "redhat", "title": "(RHSA-2014:1671) Moderate: rsyslog5 and rsyslog security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3040-1 security@debian.org\r\nhttp://www.debian.org/security/ \r\nSeptember 30, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : rsyslog\r\nCVE ID : CVE-2014-3634\r\n\r\nRainer Gerhards, the rsyslog project leader, reported a vulnerability in\r\nRsyslog, a system for log processing. As a consequence of this\r\nvulnerability an attacker can send malformed messages to a server, if\r\nthis one accepts data from untrusted sources, and trigger a denial of\r\nservice attack.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 5.8.11-3+deb7u1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 8.4.1-1.\r\n\r\nWe recommend that you upgrade your rsyslog packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2\r\n\r\niQIcBAEBCAAGBQJUKxzwAAoJEG7C3vaP/jd0FCAP/j3PkBtRiX5Xfu9Y5AUh80dG\r\nI8z2KZb51G3pBh5MKB1jn4W4jafhIK++kJ9bqSmtlUiHtnhj78ylP7TMfzTmACQd\r\ns+GeTHh5nDfaSN8Tyaw0uf6n6SmaH+/sj6BBR6esXdFqvED2r1MMy5GD4OaYRMvd\r\nI9FdaCZeoytuJMj5PwdF5cxSFlgWWaymD/xINkAA+z0kXCYmZE+aYbsyN5GKB0ta\r\n9whD4GQZxsMTrjj28vj+cO++OjTSVj+xr67H4eNe8qNcxPTNeBC82s3RK4REKTZX\r\nFLu6bMXtdBFibiq7+tQGoQl1YOAenox5Yb3LpKnBa2fIgouZ/gs1fOTb5v13cNAU\r\n6up+s9X/JW4MU2bDV3TC/jry9hKQI3nBjIOYobKlX8DAxhWJEIRKm8HCbotsktKj\r\n/kdzaUNqgQ3vSQBidbQSty2h7IlC0GhG+QR91HFqq5qUcKbggf5tNGNU86HT3zvD\r\nvfYAiNroN14mxDwEwbUnrZ7E4BSZxjr7xIv5N1a80FdGV/C0gyotKlK7Lx5GapM0\r\nbZyRHUloO885kURlzzm5fxe9vRTtD5iF/w2NNsRhZCo1VFEvlf3UMrVW64atGMjH\r\nsDFZcclV6lALmOSGWGF7l/EWUM3UQ/wKyxTZTiK6gZ+SlZpZTlGQ19hUlqc1az+T\r\ndl/U/APBaNQKLLX45CXZ\r\n=aQBZ\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-10-05T00:00:00", "published": "2014-10-05T00:00:00", "id": "SECURITYVULNS:DOC:31136", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31136", "title": "[SECURITY] [DSA 3040-1] rsyslog security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "DoS on request parsing.", "modified": "2014-10-05T00:00:00", "published": "2014-10-05T00:00:00", "id": "SECURITYVULNS:VULN:13992", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13992", "title": "rsyslog DoS", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:26:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1397\n\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon or, potentially, execute arbitrary code as the user running\nthe rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the rsyslog service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020681.html\n\n**Affected packages:**\nrsyslog\nrsyslog-crypto\nrsyslog-doc\nrsyslog-elasticsearch\nrsyslog-gnutls\nrsyslog-gssapi\nrsyslog-libdbi\nrsyslog-mmaudit\nrsyslog-mmjsonparse\nrsyslog-mmnormalize\nrsyslog-mmsnmptrapd\nrsyslog-mysql\nrsyslog-pgsql\nrsyslog-relp\nrsyslog-snmp\nrsyslog-udpspoof\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1397.html", "modified": "2014-10-13T19:45:27", "published": "2014-10-13T19:45:27", "href": "http://lists.centos.org/pipermail/centos-announce/2014-October/020681.html", "id": "CESA-2014:1397", "title": "rsyslog security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-09T11:45:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1671\n\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog5 and rsyslog users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue. After\ninstalling the update, the rsyslog service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-October/020699.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2014-October/001483.html\n\n**Affected packages:**\nrsyslog\nrsyslog-gnutls\nrsyslog-gssapi\nrsyslog-mysql\nrsyslog-pgsql\nrsyslog-relp\nrsyslog-snmp\nrsyslog5\nrsyslog5-gnutls\nrsyslog5-gssapi\nrsyslog5-mysql\nrsyslog5-pgsql\nrsyslog5-snmp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1671.html", "modified": "2014-10-21T16:39:04", "published": "2014-10-21T15:10:11", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2014-October/001483.html", "id": "CESA-2014:1671", "title": "rsyslog, rsyslog5 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1654\n\n\nThe rsyslog7 packages provide an enhanced, multi-threaded syslog daemon\nthat supports writing to relational databases, syslog/TCP, RFC 3195,\npermitted sender lists, filtering on any message part, and fine grained\noutput format control.\n\nA flaw was found in the way rsyslog handled invalid log message priority\nvalues. In certain configurations, a local attacker, or a remote attacker\nable to connect to the rsyslog port, could use this flaw to crash the\nrsyslog daemon or, potentially, execute arbitrary code as the user running\nthe rsyslog daemon. (CVE-2014-3634)\n\nRed Hat would like to thank Rainer Gerhards of rsyslog upstream for\nreporting this issue.\n\nAll rsyslog7 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the rsyslog service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2014-October/001478.html\n\n**Affected packages:**\nrsyslog7\nrsyslog7-elasticsearch\nrsyslog7-gnutls\nrsyslog7-gssapi\nrsyslog7-mysql\nrsyslog7-pgsql\nrsyslog7-relp\nrsyslog7-snmp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1654.html", "modified": "2014-10-20T18:15:12", "published": "2014-10-20T18:15:12", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2014-October/001478.html", "id": "CESA-2014:1654", "title": "rsyslog7 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:18", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. ([CVE-2014-3634 __](<https://access.redhat.com/security/cve/CVE-2014-3634>))\n\n \n**Affected Packages:** \n\n\nrsyslog\n\n \n**Issue Correction:** \nRun _yum update rsyslog_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n rsyslog-mysql-5.8.10-9.26.amzn1.i686 \n rsyslog-debuginfo-5.8.10-9.26.amzn1.i686 \n rsyslog-pgsql-5.8.10-9.26.amzn1.i686 \n rsyslog-gnutls-5.8.10-9.26.amzn1.i686 \n rsyslog-gssapi-5.8.10-9.26.amzn1.i686 \n rsyslog-5.8.10-9.26.amzn1.i686 \n rsyslog-snmp-5.8.10-9.26.amzn1.i686 \n \n src: \n rsyslog-5.8.10-9.26.amzn1.src \n \n x86_64: \n rsyslog-5.8.10-9.26.amzn1.x86_64 \n rsyslog-snmp-5.8.10-9.26.amzn1.x86_64 \n rsyslog-gssapi-5.8.10-9.26.amzn1.x86_64 \n rsyslog-pgsql-5.8.10-9.26.amzn1.x86_64 \n rsyslog-mysql-5.8.10-9.26.amzn1.x86_64 \n rsyslog-debuginfo-5.8.10-9.26.amzn1.x86_64 \n rsyslog-gnutls-5.8.10-9.26.amzn1.x86_64 \n \n \n", "modified": "2014-11-11T10:34:00", "published": "2014-11-11T10:34:00", "id": "ALAS-2014-445", "href": "https://alas.aws.amazon.com/ALAS-2014-445.html", "title": "Medium: rsyslog", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "description": "Sending a syslog message containing an invalid PRI value to a\nvulnerable rsyslog server accepting remote message will trigger a denial\nof service by crashing the rsyslog process.", "modified": "2014-10-01T00:00:00", "published": "2014-10-01T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html", "id": "ASA-201410-1", "title": "rsyslog: remote denial of service", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:34", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3040-1 security@debian.org\nhttp://www.debian.org/security/ \nSeptember 30, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rsyslog\nCVE ID : CVE-2014-3634\n\nRainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability an attacker can send malformed messages to a server, if\nthis one accepts data from untrusted sources, and trigger a denial of\nservice attack.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.4.1-1.\n\nWe recommend that you upgrade your rsyslog packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-09-30T21:14:26", "published": "2014-09-30T21:14:26", "id": "DEBIAN:DSA-3040-1:980BB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00228.html", "title": "[SECURITY] [DSA 3040-1] rsyslog security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:43", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3047-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nOctober 08, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rsyslog\nCVE ID : CVE-2014-3683\n\nMancha discovered a vulnerability in rsyslog, a system for log\nprocessing. This vulnerability is an integer overflow that can be\ntriggered by malformed messages to a server, if this one accepts data\nfrom untrusted sources, provoking message loss.\n\nThis vulnerability can be seen as an incomplete fix of CVE-2014-3634\n(DSA 3040-1).\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u2.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 8.4.2-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.4.2-1.\n\nWe recommend that you upgrade your rsyslog packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-10-08T11:12:07", "published": "2014-10-08T11:12:07", "id": "DEBIAN:DSA-3047-1:99667", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00234.html", "title": "[SECURITY] [DSA 3047-1] rsyslog security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:11", "bulletinFamily": "unix", "description": "Package : rsylog\nVersion : 4.6.4-2+deb6u1\nCVE ID : CVE-2014-3634 CVE-2014-3683\n\n\nCVE-2014-3634\n\n Fix remote syslog vulnerability due to improper handling\n of invalid PRI values.\n\n\nCVE-2014-3683\n\n Followup fix for CVE-2014-3634. The initial patch was incomplete.\n It did not cover cases where PRI values > MAX_INT caused integer\n overflows resulting in negative values.\n\n", "modified": "2014-10-19T17:00:31", "published": "2014-10-19T17:00:31", "id": "DEBIAN:DLA-72-1:3BAFB", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00004.html", "title": "[SECURITY] [DLA 72-1] rsylog security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:23:07", "bulletinFamily": "unix", "description": "rsyslog has been updated to fix a remote denial of service issue:\n\n * Under certain configurations, a local or remote attacker able to\n send syslog messages to the server could have crashed the log server\n due to an array overread. (CVE-2014-3634, CVE-2014-3683)\n\n Security Issues:\n\n * CVE-2014-3634\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634</a>>\n * CVE-2014-3683\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683</a>>\n\n", "modified": "2014-10-15T00:04:46", "published": "2014-10-15T00:04:46", "id": "SUSE-SU-2014:1294-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html", "title": "Security update for rsyslog (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "aix": [{"lastseen": "2018-08-31T00:08:35", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Nov 14 03:31:13 PM CST 2014 \n| Updated: Mon Dec 01 10:21:50 AM CST 2014\n| Update: Fileset name incorrect in lslpp command\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: Open Source RSyslog vulnerability \n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3634\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL DTLS recursion flaw\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3683\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3634\n RSyslog is vulnerable to a denial of service. By sending a \n specially-crafted message, a remote attacker could exploit this \n vulnerability to cause the service to crash.\n\n 2. CVE-2014-3683\n RSyslog is vulnerable to a denial of service, caused by an \n incomplete fix related to an integer overflow when parsing PRI. By sending\n a specially-crafted message, a remote attacker could exploit this \n vulnerability to cause the service to crash.\n\nII. CVSS\n\n 1. CVE-2014-3634\n CVSS Base Score: 5.0\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/96794\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n 2. CVE-2014-3683\n CVSS Base Score: 5.0\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/96835\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n| lslpp -L |grep rsyslog.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3634 \n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n rsyslog.base 5.8.6.1 5.8.6.3 \n\n B. CVE-2014-3683\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n rsyslog.base 5.8.6.1 5.8.6.3 \n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/rsyslog_fix.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on RSyslog version.\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation)\n ---------------------------------------------------------------------------------\n 5.3, 6.1, 7.1 IV66633s0a.141107.epkg.Z\t rsyslog.base(5.8.6.3 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name(prereq for installation)\n -------------------------------------------------------------------------------------\n 2.2.* IV66633s0a.141107.epkg.Z\t rsyslog.base(5.8.6.3 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf rsyslog_fix.tar\n cd rsyslog_fix\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n\t\t----------------------------------------------------------------------------------------------\n \ta2406c9f30168361ece853196e6297511e6d9d6911af1a2944124c652d898771 \tIV66633s0a.141107.epkg.Z\n\n\t\tThese sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc.sig \n\n\t\topenssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of rsyslog version 5.8.6.4.\n\t\tThe estimated availability date of filesets is by 5th December 2014 and can be downloaded from - \n\t\thttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=Rsyslog&cp=UTF-8\n\n\tB. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n \n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/96794\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/96835\n CVE-2014-3634 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634\n CVE-2014-3683 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "modified": "2014-12-01T10:21:50", "published": "2014-11-14T15:31:13", "id": "RSYSLOG_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/rsyslog_advisory.asc", "title": "Open Source RSyslog vulnerability", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:12", "bulletinFamily": "unix", "description": "It was discovered that Rsyslog incorrectly handled invalid PRI values. An attacker could use this issue to send malformed messages to the Rsyslog server and cause it to stop responding, resulting in a denial of service and possibly message loss. (CVE-2014-3634, CVE-2014-3683)", "modified": "2014-10-09T00:00:00", "published": "2014-10-09T00:00:00", "id": "USN-2381-1", "href": "https://usn.ubuntu.com/2381-1/", "title": "Rsyslog vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:45:59", "bulletinFamily": "unix", "description": "### Background\n\nRSYSLOG is an enhanced multi-threaded syslogd with database support and more. \n\n### Description\n\nMultiple vulnerabilities have been discovered in RSYSLOG. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RSYSLOG users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/rsyslog-8.4.2\"", "modified": "2014-12-24T00:00:00", "published": "2014-12-24T00:00:00", "id": "GLSA-201412-35", "href": "https://security.gentoo.org/glsa/201412-35", "type": "gentoo", "title": "RSYSLOG: Denial of Service", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
