Lucene search
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2012-100.NASLHistoryJun 26, 2012 - 12:00 a.m.
Mandriva Linux Security Advisory : rsyslog (MDVSA-2012:100)
2012-06-2600:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
8
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.1%
A vulnerability has been discovered and corrected in rsyslog :
An integer signedness error, leading to heap based buffer overflow was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause denial of service (rsyslogd daemon hang) via specially crafted message, to be logged (CVE-2011-4623).
The updated packages have been patched to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2012:100.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(59710);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2011-4623");
script_bugtraq_id(51171);
script_xref(name:"MDVSA", value:"2012:100");
script_name(english:"Mandriva Linux Security Advisory : rsyslog (MDVSA-2012:100)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A vulnerability has been discovered and corrected in rsyslog :
An integer signedness error, leading to heap based buffer overflow was
found in the way the imfile module of rsyslog, an enhanced system
logging and kernel message trapping daemon, processed text files
larger than 64 KB. When the imfile rsyslog module was enabled, a local
attacker could use this flaw to cause denial of service (rsyslogd
daemon hang) via specially crafted message, to be logged
(CVE-2011-4623).
The updated packages have been patched to correct this issue."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-dbi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-gssapi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-relp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsyslog-snmp");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
script_set_attribute(attribute:"patch_publication_date", value:"2012/06/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-dbi-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-docs-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-gssapi-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-mysql-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-pgsql-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-relp-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"rsyslog-snmp-4.6.2-3.2mdv2010.2", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | rsyslog | p-cpe:/a:mandriva:linux:rsyslog |
| mandriva | linux | rsyslog-dbi | p-cpe:/a:mandriva:linux:rsyslog-dbi |
| mandriva | linux | rsyslog-docs | p-cpe:/a:mandriva:linux:rsyslog-docs |
| mandriva | linux | rsyslog-gssapi | p-cpe:/a:mandriva:linux:rsyslog-gssapi |
| mandriva | linux | rsyslog-mysql | p-cpe:/a:mandriva:linux:rsyslog-mysql |
| mandriva | linux | rsyslog-pgsql | p-cpe:/a:mandriva:linux:rsyslog-pgsql |
| mandriva | linux | rsyslog-relp | p-cpe:/a:mandriva:linux:rsyslog-relp |
| mandriva | linux | rsyslog-snmp | p-cpe:/a:mandriva:linux:rsyslog-snmp |
| mandriva | linux | 2010.1 | cpe:/o:mandriva:linux:2010.1 |
Related
openvas
openvas
Oracle: Security Advisory (ELSA-2012-0796)
2015-10-06 00:00:00
Mandriva Update for rsyslog MDVSA-2012:100 (rsyslog)
2012-06-28 00:00:00
CentOS Update for rsyslog CESA-2012:0796 centos6
2012-07-30 00:00:00
oraclelinux
oraclelinux
rsyslog security, bug fix, and enhancement update
2012-06-27 00:00:00
debiancve
debiancve
CVE-2011-4623
2012-09-25 23:55:01
cve
cve
CVE-2011-4623
2012-09-25 23:55:01
nessus
nessus
RHEL 6 : rsyslog (RHSA-2012:0796)
2012-06-20 00:00:00
Oracle Linux 6 : rsyslog (ELSA-2012-0796)
2013-07-12 00:00:00
Scientific Linux Security Update : rsyslog on SL6.x i386/x86_64 (20120620)
2012-08-01 00:00:00
cvelist
cvelist
CVE-2011-4623
2012-09-25 23:00:00
redhat
redhat
(RHSA-2012:0796) Moderate: rsyslog security, bug fix, and enhancement update
2012-06-20 00:00:00
ubuntu
ubuntu
Rsyslog vulnerability
2012-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2011-4623
2011-12-23 00:00:00
prion
prion
Integer overflow
2012-09-25 23:55:00
centos
centos
rsyslog security update
2012-07-10 17:21:56
amazon
amazon
Medium: rsyslog
2012-07-06 16:04:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:52:20
nvd
nvd
CVE-2011-4623
2012-09-25 23:55:01
gentoo
gentoo
RSYSLOG: Denial of service
2014-12-24 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.1%
Related for MANDRIVA_MDVSA-2012-100.NASL