Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-EA7D5876A4.NASLHistoryNov 22, 2019 - 12:00 a.m.
Fedora 31 : rsyslog (2019-ea7d5876a4)
2019-11-2200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
9.7 High
AI Score
Confidence
High
rebase to upstream version 8.1911.0
------------------------------------------------- new modules available :
-
ClickHouse output
-
generic REST API http output
-
docker API input
-
misc. external program input (takes output of specified binary as log source)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-ea7d5876a4.
#
include('compat.inc');
if (description)
{
script_id(131206);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/10");
script_cve_id("CVE-2019-17040", "CVE-2019-17041", "CVE-2019-17042");
script_xref(name:"FEDORA", value:"2019-ea7d5876a4");
script_name(english:"Fedora 31 : rsyslog (2019-ea7d5876a4)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"rebase to upstream version 8.1911.0
------------------------------------------------- new modules
available :
- ClickHouse output
- generic REST API http output
- docker API input
- misc. external program input (takes output of specified
binary as log source)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ea7d5876a4");
script_set_attribute(attribute:"solution", value:
"Update the affected rsyslog package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17042");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/30");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rsyslog");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"rsyslog-8.1911.0-1.fc31")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsyslog");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | rsyslog | p-cpe:/a:fedoraproject:fedora:rsyslog |
| fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
Related
nessus
nessus
Fedora 30 : rsyslog (2019-1fb95ae48d)
2019-11-25 00:00:00
EulerOS 2.0 SP3 : rsyslog (EulerOS-SA-2019-2659)
2019-12-18 00:00:00
Oracle Linux 7 : rsyslog (ELSA-2020-1000)
2023-09-07 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: rsyslog-8.1911.0-1.fc31
2019-11-22 00:48:23
[SECURITY] Fedora 30 Update: rsyslog-8.1911.0-1.fc30
2019-11-24 01:15:08
openvas
openvas
Fedora Update for rsyslog FEDORA-2019-1fb95ae48d
2019-11-26 00:00:00
Fedora Update for rsyslog FEDORA-2019-ea7d5876a4
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2937-1)
2021-06-09 00:00:00
photon
photon
suse
suse
Security update for rsyslog (moderate)
2019-11-13 00:00:00
Security update for rsyslog (moderate)
2019-11-14 00:00:00
oraclelinux
oraclelinux
rsyslog security, bug fix, and enhancement update
2020-04-06 00:00:00
rsyslog security, bug fix, and enhancement update
2020-05-05 00:00:00
centos
centos
rsyslog security update
2020-04-08 19:16:23
redhat
redhat
(RHSA-2020:1000) Moderate: rsyslog security, bug fix, and enhancement update
2020-03-31 09:06:41
(RHSA-2020:1702) Moderate: rsyslog security, bug fix, and enhancement update
2020-04-28 09:06:43
debian
debian
[SECURITY] [DLA 1952-1] rsyslog security update
2019-10-10 00:12:14
[SECURITY] [DLA 2835-1] rsyslog security update
2021-11-30 23:36:30
osv
osv
rsyslog - security update
2021-11-30 00:00:00
rsyslog - security update
2019-10-09 00:00:00
rsyslog vulnerabilities
2022-05-12 08:43:35
amazon
amazon
Medium: rsyslog
2020-06-26 22:55:00
ibm
ibm
mageia
mageia
Updated rsyslog packages fix security vulnerabilities
2019-12-19 16:44:26
ubuntu
ubuntu
Rsyslog vulnerabilities
2022-05-12 00:00:00
redhatcve
redhatcve
alpinelinux
alpinelinux
debiancve
debiancve
cve
cve
prion
prion
Heap overflow
2019-10-07 16:15:00
Design/Logic Flaw
2019-09-30 14:15:00
Heap overflow
2019-10-07 16:15:00
ubuntucve
ubuntucve
f5
f5
K12213311 : Rsyslog v8.1908.0.0 vulnerability CVE-2019-17041
2020-01-15 00:00:00
K84884003 : rsyslog vulnerability CVE-2019-17040
2020-01-14 00:00:00
K39081000 : Rsyslog vulnerability CVE-2019-17042
2020-01-30 00:00:00