Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-001.NASL
HistoryMar 21, 2023 - 12:00 a.m.

Amazon Linux 2023 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2023-2023-001)

2023-03-2100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
163
JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-001 advisory.

  • rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. (CVE-2014-3634)

  • Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read.
    While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules imtcp, imptcp, imgssapi, and imhttp are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module imdiag is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. (CVE-2022-24903)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-001.
##

include('compat.inc');

if (description)
{
  script_id(173094);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/21");

  script_cve_id("CVE-2014-3634", "CVE-2022-24903");

  script_name(english:"Amazon Linux 2023 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2023-2023-001)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-001 advisory.

  - rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a
    denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted
    priority (PRI) value that triggers an out-of-bounds array access. (CVE-2014-3634)

  - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap
    buffer overflow when octet-counted framing is used. This can result in a segfault or some other
    malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But
    there may still be a slight chance for experts to do that. The bug occurs when the octet count is read.
    While there is a check for the maximum number of octets, digits are written to a heap buffer even when the
    octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence
    of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote
    exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing
    modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`,
    `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to
    directly expose them to the public. When this practice is followed, the risk is considerably lower. Module
    `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present
    on any production installation. Octet-counted framing is not very common. Usually, it needs to be
    specifically enabled at senders. If users do not need it, they can turn it off for the most important
    modules. This will mitigate the vulnerability. (CVE-2022-24903)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-001.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2014-3634.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-24903.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update rsyslog --releasever=2023.0.20230222 ' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3634");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-24903");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-crypto");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-crypto-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-elasticsearch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-elasticsearch-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-logrotate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmaudit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmaudit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmfields");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmfields-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmjsonparse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmjsonparse-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmkubernetes");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmkubernetes-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmnormalize");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-mmnormalize-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rsyslog-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'rsyslog-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-crypto-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-crypto-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-crypto-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-crypto-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-crypto-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-crypto-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-debugsource-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-debugsource-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-debugsource-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-doc-8.2204.0-3.amzn2023.0.2', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-elasticsearch-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-elasticsearch-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-elasticsearch-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-elasticsearch-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-elasticsearch-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-elasticsearch-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-logrotate-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-logrotate-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-logrotate-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmaudit-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmaudit-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmaudit-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmaudit-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmaudit-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmaudit-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmfields-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmfields-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmfields-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmfields-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmfields-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmfields-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmjsonparse-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmjsonparse-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmjsonparse-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmjsonparse-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmjsonparse-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmjsonparse-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmkubernetes-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmkubernetes-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmkubernetes-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmkubernetes-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmkubernetes-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmkubernetes-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmnormalize-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmnormalize-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmnormalize-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmnormalize-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmnormalize-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-mmnormalize-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-openssl-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-openssl-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-openssl-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-openssl-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-openssl-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rsyslog-openssl-debuginfo-8.2204.0-3.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsyslog / rsyslog-crypto / rsyslog-crypto-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxrsyslog-mmjsonparsep-cpe:/a:amazon:linux:rsyslog-mmjsonparse
amazonlinuxrsyslog-mmjsonparse-debuginfop-cpe:/a:amazon:linux:rsyslog-mmjsonparse-debuginfo
amazonlinuxrsyslog-mmkubernetesp-cpe:/a:amazon:linux:rsyslog-mmkubernetes
amazonlinuxrsyslog-mmkubernetes-debuginfop-cpe:/a:amazon:linux:rsyslog-mmkubernetes-debuginfo
amazonlinuxrsyslog-mmnormalizep-cpe:/a:amazon:linux:rsyslog-mmnormalize
amazonlinuxrsyslog-mmnormalize-debuginfop-cpe:/a:amazon:linux:rsyslog-mmnormalize-debuginfo
amazonlinuxrsyslog-opensslp-cpe:/a:amazon:linux:rsyslog-openssl
amazonlinuxrsyslog-openssl-debuginfop-cpe:/a:amazon:linux:rsyslog-openssl-debuginfo
amazonlinux2023cpe:/o:amazon:linux:2023
amazonlinuxrsyslogp-cpe:/a:amazon:linux:rsyslog
Rows per page:
1-10 of 221

Related

nessus 74
amazon 3
fedora 7
ibm 4
veracode 2
redhat 10
openvas 45
oraclelinux 7
prion 3
archlinux 1
f5 1
mageia 2
freebsd 2
osv 9
securityvulns 1
debiancve 2
centos 3
cve 2
debian 3
redhatcve 1
cloudlinux 1
cbl_mariner 2
suse 1
broadcom 2
ubuntucve 1
ubuntu 3
almalinux 1
redos 1
rocky 2
alpinelinux 1
rosalinux 1
altlinux 1
nessus
nessus
Amazon Linux 2022 : (ALAS2022-2022-075)
2022-09-06 00:00:00
Amazon Linux 2 : rsyslog (ALAS-2022-1803)
2022-06-07 00:00:00
Amazon Linux AMI : rsyslog (ALAS-2022-1594)
2022-06-10 00:00:00
amazon
amazon
Important: rsyslog
2022-05-31 23:47:00
Important: rsyslog
2022-05-31 23:50:00
Medium: rsyslog
2014-11-11 10:26:00
fedora
fedora
[SECURITY] Fedora 19 Update: sysklogd-1.5-18.fc19
2014-10-27 03:28:59
[SECURITY] Fedora 20 Update: rsyslog-7.4.8-2.fc20
2014-10-16 02:02:22
[SECURITY] Fedora 21 Update: rsyslog-7.4.10-5.fc21
2014-10-16 01:59:57
ibm
ibm
Security Bulletin: Vulnerability in rsyslog affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3634)
2018-06-17 22:30:12
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [ CVE-2022-24903]
2024-03-28 21:59:28
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog (CVE-2022-24903).
2023-01-12 21:59:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:02:37
Buffer Overflow
2022-05-11 10:43:59
redhat
redhat
(RHSA-2014:1397) Important: rsyslog security update
2014-10-13 00:00:00
(RHSA-2014:1671) Moderate: rsyslog5 and rsyslog security update
2014-10-20 00:00:00
(RHSA-2014:1654) Important: rsyslog7 security update
2014-10-16 00:00:00
openvas
openvas
Fedora Update for sysklogd FEDORA-2014-12910
2014-10-27 00:00:00
Oracle: Security Advisory (ELSA-2014-1654)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-445)
2015-09-08 00:00:00
oraclelinux
oraclelinux
rsyslog5 and rsyslog security update
2014-10-20 00:00:00
rsyslog security update
2014-10-13 00:00:00
rsyslog7 security update
2014-10-21 00:00:00
prion
prion
Out-of-bounds
2014-11-02 00:55:00
Heap overflow
2022-05-06 00:15:00
Design/Logic Flaw
2014-10-13 18:55:00
archlinux
archlinux
rsyslog: remote denial of service
2014-10-01 00:00:00
f5
f5
K42903299 : rsyslog: remote syslog PRI vulnerability CVE-2014-3634
2017-07-06 00:00:00
mageia
mageia
Updated rsyslog packages fix CVE-2014-3634
2014-10-09 18:39:32
Updated rsyslog packages fix security vulnerability
2022-05-08 10:58:48
freebsd
freebsd
rsyslog -- remote syslog PRI vulnerability
2014-09-30 00:00:00
rsyslog8 -- heap buffer overflow on receiving TCP syslog
2022-05-05 00:00:00
osv
osv
rsyslog - security update
2014-09-30 00:00:00
CVE-2022-24903
2022-05-06 00:15:07
rsyslog vulnerability
2022-05-24 16:21:20
securityvulns
securityvulns
[SECURITY] [DSA 3040-1] rsyslog security update
2014-10-05 00:00:00
debiancve
debiancve
CVE-2014-3634
2014-11-02 00:55:00
CVE-2022-24903
2022-05-06 00:15:00
centos
centos
rsyslog security update
2014-10-13 19:45:27
rsyslog7 security update
2014-10-20 18:15:12
rsyslog, rsyslog5 security update
2014-10-21 15:10:11
cve
cve
CVE-2014-3634
2014-11-02 00:55:00
CVE-2022-24903
2022-05-06 00:15:00
debian
debian
[SECURITY] [DSA 3040-1] rsyslog security update
2014-09-30 21:14:26
[SECURITY] [DSA 5150-1] rsyslog security update
2022-05-28 19:26:36
[SECURITY] [DSA 3047-1] rsyslog security update
2014-10-08 11:12:07
redhatcve
redhatcve
CVE-2022-24903
2022-05-05 13:36:34
cloudlinux
cloudlinux
Fixed CVE-2022-24903 in rsyslog
2022-06-08 19:49:37
cbl_mariner
cbl_mariner
CVE-2022-24903 affecting package rsyslog for versions less than 8.2204.1-1
2022-06-03 17:54:05
CVE-2022-24903 affecting package rsyslog 8.37.0-6
2022-06-15 17:03:08
suse
suse
Security update for rsyslog (important)
2022-05-09 00:00:00
broadcom
broadcom
CVE-2022-24903: A flaw in rsyslog TCP module could allows an attacker to craft a malicious message leading to a heap-based buffer overflow.
2022-11-08 00:00:00
CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)
2022-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2022-24903
2022-05-05 00:00:00
ubuntu
ubuntu
Rsyslog vulnerability
2022-05-24 00:00:00
Rsyslog vulnerability
2022-05-05 00:00:00
Rsyslog vulnerabilities
2014-10-09 00:00:00
almalinux
almalinux
Important: rsyslog security update
2022-05-30 07:24:07
redos
redos
ROS-20240403-16
2024-04-03 00:00:00
rocky
rocky
rsyslog security update
2022-05-30 07:24:07
rsyslog security update
2022-05-30 07:22:28
alpinelinux
alpinelinux
CVE-2022-24903
2022-05-06 00:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2381
2024-03-26 11:41:42
altlinux
altlinux
Security fix for the ALT Linux 7 package rsyslog version 7.6.7-alt0.M70P.1
2014-10-13 00:00:00
JSON
Related for AL2023_ALAS2023-2023-001.NASL
nessus74amazon3fedora7ibm4veracode2redhat10openvas45oraclelinux7prion3archlinux1f51mageia2freebsd2osv9securityvulns1debiancve2centos3cve2debian3redhatcve1cloudlinux1cbl_mariner2suse1broadcom2ubuntucve1ubuntu3almalinux1redos1rocky2alpinelinux1rosalinux1altlinux1