Scientific Linux Security Update : rsyslog on SL6.x i386/x86_64

2012-08-01T00:00:00
ID SL_20110901_RSYSLOG_ON_SL6_X.NASL
Type nessus
Reporter Tenable
Modified 2015-01-13T00:00:00

Description

The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained output format control.

A two-byte buffer overflow flaw was found in the rsyslog daemon's parseLegacySyslogMsg function. An attacker able to submit log messages to rsyslogd could use this flaw to crash the daemon. (CVE-2011-3200)

All rsyslog users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the rsyslog daemon will be restarted automatically.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

# Registration section: when the `description` flag is set, the plugin only
# declares its metadata (identity, advisory text, scoring, prerequisites) and
# leaves through the exit(0) at the bottom of the block, before any check runs.
if (description)
{
  script_id(61129);
  script_version("$Revision: 1.3 $");
  script_cvs_date("$Date: 2015/01/13 15:30:40 $");

  # The single CVE this advisory addresses.
  script_cve_id("CVE-2011-3200");

  script_name(english:"Scientific Linux Security Update : rsyslog on SL6.x i386/x86_64");
  # The verdict is derived from collected rpm output, not from talking to rsyslogd.
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists,
filtering on any message part, and fine grained output format control.

A two byte buffer overflow flaw was found in the rsyslog daemon's
parseLegacySyslogMsg function. An attacker able to submit log messages
to rsyslogd could use this flaw to crash the daemon. (CVE-2011-3200)

All rsyslog users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing
this update, the rsyslog daemon will be restarted automatically."
  );
  # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=873
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3b71f01c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 base vector: network attack vector, low complexity, no
  # authentication; no confidentiality or integrity impact, partial
  # availability impact. This agrees with the description, which states a
  # daemon crash as the outcome.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # "local" plugin type: the result comes from data collected on the host (the
  # rpm list required below), so the plugin cannot report on hosts scanned
  # without local checks.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  # The plugin was published roughly eleven months after the patch itself.
  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  # Information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.");
  script_family(english:"Scientific Linux Local Security Checks");

  # ssh_get_info.nasl is declared as a dependency; presumably it is what
  # fills the Host/* knowledge-base entries listed next -- confirm against
  # that plugin.
  script_dependencies("ssh_get_info.nasl");
  # Knowledge-base entries this plugin requires; the same four keys are read
  # again by the check logic after this block.
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions. Each failed test leaves through audit() with its own reason
# code, so the scan log separates "could not assess this host" from "assessed
# and not affected". All inputs are knowledge-base entries; nothing here
# contacts the rsyslog service.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The recorded release string has to identify Scientific Linux.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release)
{
  audit(AUDIT_HOST_NOT, "running Scientific Linux");
}

# Without a collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Only x86_64 and i386..i686 are covered by this advisory's package set.
# Operand order matters for `><`: the test is whether the cpu string occurs
# inside "x86_64", not the other way round.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!(cpu >< "x86_64" || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
}


# Package comparison. Every rsyslog (sub)package shipped by the advisory is
# checked against the fixed build 4.6.2-3.el6_1.2; `flag` counts the packages
# for which rpm_check() returns true (presumably "installed and older than the
# reference" -- rpm_check() is defined in rpm.inc, outside this page).
#
# The fix is a backported patch, so the full version-release string is what
# separates a fixed host from an unfixed one; the upstream version number
# (4.6.2) alone does not. The comparison also covers installed packages only:
# it does not show whether the running rsyslogd was restarted after the
# update, which the advisory says happens automatically.
flag = 0;
sl6_refs = make_list(
  "rsyslog-4.6.2-3.el6_1.2",
  "rsyslog-debuginfo-4.6.2-3.el6_1.2",
  "rsyslog-gnutls-4.6.2-3.el6_1.2",
  "rsyslog-gssapi-4.6.2-3.el6_1.2",
  "rsyslog-mysql-4.6.2-3.el6_1.2",
  "rsyslog-pgsql-4.6.2-3.el6_1.2",
  "rsyslog-relp-4.6.2-3.el6_1.2"
);
foreach sl6_ref (sl6_refs)
{
  if (rpm_check(release:"SL6", reference:sl6_ref)) flag++;
}

# Verdict. With no flagged package the host is audited as not affected.
# Otherwise one finding is raised against port 0; the per-package detail from
# rpm_report_get() is attached only when report verbosity is above zero.
if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  if (!(report_verbosity > 0))
  {
    security_warning(0);
  }
  else
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  exit(0);
}