Search...

(RHSA-2020:1702) Moderate: rsyslog security, bug fix, and enhancement update

2020-04-28T13:06:43

ID RHSA-2020:1702
Type redhat
Reporter RedHat
Modified 2020-04-28T14:46:26

Description

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

The following packages have been upgraded to a later upstream version: rsyslog (8.1911.0). (BZ#1740683)

Security Fix(es):

rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)

rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

JSON Vulners Source

Initial Source

{"id": "RHSA-2020:1702", "hash": "2cbe3468ca5c4b04adc25f1d75619107", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2020:1702) Moderate: rsyslog security, bug fix, and enhancement update", "description": "The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.\n\nThe following packages have been upgraded to a later upstream version: rsyslog (8.1911.0). (BZ#1740683)\n\nSecurity Fix(es):\n\n* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)\n\n* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "published": "2020-04-28T13:06:43", "modified": "2020-04-28T14:46:26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2020:1702", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2019-17041", "CVE-2019-17042"], "lastseen": "2020-04-30T19:35:19", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17041", "CVE-2019-17042"]}, {"type": "f5", "idList": ["F5:K39081000", "F5:K12213311"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2020-1702.NASL", "REDHAT-RHSA-2020-1000.NASL", "EULEROS_SA-2019-2229.NASL", "EULEROS_SA-2019-2418.NASL", "EULEROS_SA-2020-1060.NASL", "EULEROS_SA-2019-2302.NASL", "OPENSUSE-2019-2500.NASL", "EULEROS_SA-2020-1218.NASL", "PHOTONOS_PHSA-2019-2_0-0184_RSYSLOG.NASL", "OPENSUSE-2019-2501.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220192418", "OPENVAS:1361412562311220192302", "OPENVAS:1361412562311220201218", "OPENVAS:1361412562311220201276", "OPENVAS:1361412562311220192229", "OPENVAS:1361412562311220201060", "OPENVAS:1361412562310852770", "OPENVAS:1361412562310852890", "OPENVAS:1361412562311220192659", "OPENVAS:1361412562310891952"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1952-1:40536"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2500-1", "OPENSUSE-SU-2019:2501-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1000"]}, {"type": "redhat", "idList": ["RHSA-2020:1000"]}, {"type": "centos", "idList": ["CESA-2020:1000"]}], "modified": "2020-04-30T19:35:19", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-04-30T19:35:19", "rev": 2}, "vulnersScore": 5.9}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmjsonparse", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-snmp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmaudit-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmaudit-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-gssapi", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-kafka-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mysql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-gnutls", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-elasticsearch-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-elasticsearch", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmnormalize-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-elasticsearch", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-pgsql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-snmp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmjsonparse-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-relp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmaudit", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-snmp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-pgsql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-relp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmkubernetes", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-pgsql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-gnutls", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmsnmptrapd", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-pgsql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mysql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-snmp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-snmp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-debugsource", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debugsource-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-kafka-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmsnmptrapd", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-crypto", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmjsonparse", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-crypto", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-gssapi-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmsnmptrapd", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "rsyslog-doc", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-doc-8.1911.0-3.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-gssapi", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-relp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-kafka", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmaudit", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mysql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmkubernetes-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmkubernetes-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmnormalize", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmkubernetes", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-kafka-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmnormalize", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-gnutls-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-kafka", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmaudit", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mysql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-elasticsearch-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmkubernetes-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-gnutls-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmsnmptrapd-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-gssapi-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-relp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-crypto-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mysql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmsnmptrapd-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-relp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-gnutls", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmjsonparse", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmaudit-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-kafka", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmnormalize-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-debugsource", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debugsource-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-relp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-gssapi", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmsnmptrapd", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-pgsql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-crypto-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmnormalize-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmkubernetes", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-gssapi-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-crypto-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-elasticsearch", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-elasticsearch", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-crypto-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-snmp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-debugsource", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debugsource-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmaudit", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-gnutls-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-debugsource", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debugsource-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mysql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmkubernetes", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmjsonparse-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-gnutls", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-pgsql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-elasticsearch-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "rsyslog", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-8.1911.0-3.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-crypto", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-gssapi", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mysql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmnormalize", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmjsonparse-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmnormalize-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmnormalize", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmnormalize-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-crypto", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-crypto-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-kafka-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmaudit-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmaudit-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-snmp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-relp-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-snmp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-snmp-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-pgsql", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-mmjsonparse", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-elasticsearch-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-elasticsearch-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmjsonparse-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmjsonparse-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mysql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mysql-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-pgsql-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-pgsql-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-kafka", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-kafka-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "rsyslog-mmsnmptrapd-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-debuginfo-8.1911.0-3.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-mmsnmptrapd-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmsnmptrapd-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-gssapi-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gssapi-debuginfo-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "rsyslog-mmkubernetes-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-mmkubernetes-debuginfo-8.1911.0-3.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "aarch64", "packageName": "rsyslog-gnutls-debuginfo", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-gnutls-debuginfo-8.1911.0-3.el8.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "rsyslog-relp", "packageVersion": "8.1911.0-3.el8", "packageFilename": "rsyslog-relp-8.1911.0-3.el8.x86_64.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}

{"cve": [{"lastseen": "2019-11-24T13:07:06", "bulletinFamily": "NVD", "description": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", "modified": "2019-11-14T01:15:00", "id": "CVE-2019-17041", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17041", "published": "2019-10-07T16:15:00", "title": "CVE-2019-17041", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-24T13:07:06", "bulletinFamily": "NVD", "description": "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.", "modified": "2019-11-14T01:15:00", "id": "CVE-2019-17042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17042", "published": "2019-10-07T16:15:00", "title": "CVE-2019-17042", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:46", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2020-01-30T06:47:00", "published": "2020-01-30T06:47:00", "id": "F5:K39081000", "href": "https://support.f5.com/csp/article/K39081000", "title": "Rsyslog vulnerability CVE-2019-17042", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:40:52", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2020-01-15T19:32:00", "published": "2020-01-15T19:32:00", "id": "F5:K12213311", "href": "https://support.f5.com/csp/article/K12213311", "title": "Rsyslog v8.1908.0.0 vulnerability CVE-2019-17041", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-31T16:29:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852890", "title": "openSUSE: Security Advisory for rsyslog (openSUSE-SU-2019:2501-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852890\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:41:55 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for rsyslog (openSUSE-SU-2019:2501-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2501-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rsyslog'\n package(s) announced via the openSUSE-SU-2019:2501-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rsyslog fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages\n (bsc#1153451).\n\n - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log\n messages (bsc#1153459).\n\n Other issue addressed:\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock\n (bsc#1141063).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2501=1\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-debuginfo\", rpm:\"rsyslog-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-debugsource\", rpm:\"rsyslog-debugsource~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-diag-tools\", rpm:\"rsyslog-diag-tools~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-diag-tools-debuginfo\", rpm:\"rsyslog-diag-tools-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-doc\", rpm:\"rsyslog-doc~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-dbi\", rpm:\"rsyslog-module-dbi~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-dbi-debuginfo\", rpm:\"rsyslog-module-dbi-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-elasticsearch\", rpm:\"rsyslog-module-elasticsearch~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-elasticsearch-debuginfo\", rpm:\"rsyslog-module-elasticsearch-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gcrypt\", rpm:\"rsyslog-module-gcrypt~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gcrypt-debuginfo\", rpm:\"rsyslog-module-gcrypt-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gssapi\", rpm:\"rsyslog-module-gssapi~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gssapi-debuginfo\", rpm:\"rsyslog-module-gssapi-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gtls\", rpm:\"rsyslog-module-gtls~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gtls-debuginfo\", rpm:\"rsyslog-module-gtls-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mmnormalize\", rpm:\"rsyslog-module-mmnormalize~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mmnormalize-debuginfo\", rpm:\"rsyslog-module-mmnormalize-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mysql\", rpm:\"rsyslog-module-mysql~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mysql-debuginfo\", rpm:\"rsyslog-module-mysql-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omamqp1\", rpm:\"rsyslog-module-omamqp1~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omamqp1-debuginfo\", rpm:\"rsyslog-module-omamqp1-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omhttpfs\", rpm:\"rsyslog-module-omhttpfs~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omhttpfs-debuginfo\", rpm:\"rsyslog-module-omhttpfs-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omtcl\", rpm:\"rsyslog-module-omtcl~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omtcl-debuginfo\", rpm:\"rsyslog-module-omtcl-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-pgsql\", rpm:\"rsyslog-module-pgsql~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-pgsql-debuginfo\", rpm:\"rsyslog-module-pgsql-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-relp\", rpm:\"rsyslog-module-relp~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-relp-debuginfo\", rpm:\"rsyslog-module-relp-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-snmp\", rpm:\"rsyslog-module-snmp~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-snmp-debuginfo\", rpm:\"rsyslog-module-snmp-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-udpspoof\", rpm:\"rsyslog-module-udpspoof~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"syslog-module-udpspoof-debuginfo\", rpm:\"syslog-module-udpspoof-debuginfo~8.33.1~lp151.6.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192302", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2302)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2302\");\n script_version(\"2020-01-23T12:45:55+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:45:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2302)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2302\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2302\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2019-2302 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.37.0~2.h18.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~8.37.0~2.h18.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~8.37.0~2.h18.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~8.37.0~2.h18.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~8.37.0~2.h18.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~8.37.0~2.h18.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192659", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2659)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2659\");\n script_version(\"2020-01-23T13:13:04+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:13:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:13:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2659)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2659\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2659\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2019-2659 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-pgsql\", rpm:\"rsyslog-pgsql~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~7.4.7~7.2.h21\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:24:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-10-10T00:00:00", "id": "OPENVAS:1361412562310891952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891952", "title": "Debian LTS: Security Advisory for rsyslog (DLA-1952-1)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891952\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-10 02:00:15 +0000 (Thu, 10 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for rsyslog (DLA-1952-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00011.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1952-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/942065\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rsyslog'\n package(s) announced via the DLA-1952-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that there were two vulnerabilities in the rsyslog\nsystem/kernel logging daemon in the parsers for AIX and Cisco log\nmessages respectfully.\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these issue have been fixed in rsyslog version\n8.4.2-1+deb8u3.\n\nWe recommend that you upgrade your rsyslog packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-elasticsearch\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-gnutls\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-gssapi\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-mongodb\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-mysql\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-pgsql\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rsyslog-relp\", ver:\"8.4.2-1+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T16:48:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201218", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201218", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-1218)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1218\");\n script_version(\"2020-03-13T07:15:27+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:15:27 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:15:27 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-1218)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1218\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1218\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2020-1218 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.24.0~17.h17\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~8.24.0~17.h17\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-11-14T00:00:00", "id": "OPENVAS:1361412562310852770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852770", "title": "openSUSE: Security Advisory for rsyslog (openSUSE-SU-2019:2500-1)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852770\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-14 03:02:02 +0000 (Thu, 14 Nov 2019)\");\n script_name(\"openSUSE: Security Advisory for rsyslog (openSUSE-SU-2019:2500-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2500-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rsyslog'\n package(s) announced via the openSUSE-SU-2019:2500-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rsyslog fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages\n (bsc#1153451).\n\n - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log\n messages (bsc#1153459).\n\n Other issue addressed:\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock\n (bsc#1141063).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2500=1\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-debuginfo\", rpm:\"rsyslog-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-debugsource\", rpm:\"rsyslog-debugsource~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-diag-tools\", rpm:\"rsyslog-diag-tools~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-diag-tools-debuginfo\", rpm:\"rsyslog-diag-tools-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-doc\", rpm:\"rsyslog-doc~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-dbi\", rpm:\"rsyslog-module-dbi~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-dbi-debuginfo\", rpm:\"rsyslog-module-dbi-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-elasticsearch\", rpm:\"rsyslog-module-elasticsearch~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-elasticsearch-debuginfo\", rpm:\"rsyslog-module-elasticsearch-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gcrypt\", rpm:\"rsyslog-module-gcrypt~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gcrypt-debuginfo\", rpm:\"rsyslog-module-gcrypt-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gssapi\", rpm:\"rsyslog-module-gssapi~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gssapi-debuginfo\", rpm:\"rsyslog-module-gssapi-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gtls\", rpm:\"rsyslog-module-gtls~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-gtls-debuginfo\", rpm:\"rsyslog-module-gtls-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mmnormalize\", rpm:\"rsyslog-module-mmnormalize~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mmnormalize-debuginfo\", rpm:\"rsyslog-module-mmnormalize-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mysql\", rpm:\"rsyslog-module-mysql~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-mysql-debuginfo\", rpm:\"rsyslog-module-mysql-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omamqp1\", rpm:\"rsyslog-module-omamqp1~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omamqp1-debuginfo\", rpm:\"rsyslog-module-omamqp1-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omhttpfs\", rpm:\"rsyslog-module-omhttpfs~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omhttpfs-debuginfo\", rpm:\"rsyslog-module-omhttpfs-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omtcl\", rpm:\"rsyslog-module-omtcl~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-omtcl-debuginfo\", rpm:\"rsyslog-module-omtcl-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-pgsql\", rpm:\"rsyslog-module-pgsql~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-pgsql-debuginfo\", rpm:\"rsyslog-module-pgsql-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-relp\", rpm:\"rsyslog-module-relp~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-relp-debuginfo\", rpm:\"rsyslog-module-relp-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-snmp\", rpm:\"rsyslog-module-snmp~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-snmp-debuginfo\", rpm:\"rsyslog-module-snmp-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-module-udpspoof\", rpm:\"rsyslog-module-udpspoof~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"syslog-module-udpspoof-debuginfo\", rpm:\"syslog-module-udpspoof-debuginfo~8.33.1~lp150.2.19.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192229", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2229)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2229\");\n script_version(\"2020-01-23T12:42:03+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:42:03 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:42:03 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2229)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2229\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2229\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2019-2229 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-pgsql\", rpm:\"rsyslog-pgsql~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~8.24.0~17.h16.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192418", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2418)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2418\");\n script_version(\"2020-01-23T12:54:05+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:54:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:54:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2418)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2418\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2418\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2019-2418 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gssapi\", rpm:\"rsyslog-gssapi~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mysql\", rpm:\"rsyslog-mysql~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-pgsql\", rpm:\"rsyslog-pgsql~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-relp\", rpm:\"rsyslog-relp~7.4.7~7.2.h23\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201060", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-1060)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1060\");\n script_version(\"2020-01-23T13:18:32+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:18:32 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-1060)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1060\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1060\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2020-1060 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.37.0~2.h19.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-gnutls\", rpm:\"rsyslog-gnutls~8.37.0~2.h19.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~8.37.0~2.h19.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-23T14:55:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-19T00:00:00", "published": "2020-03-19T00:00:00", "id": "OPENVAS:1361412562311220201276", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201276", "title": "Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-1276)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1276\");\n script_version(\"2020-03-19T13:43:30+0000\");\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-19 13:43:30 +0000 (Thu, 19 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-19 13:43:30 +0000 (Thu, 19 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2020-1276)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1276\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1276\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rsyslog' package(s) announced via the EulerOS-SA-2020-1276 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17042)\n\nAn issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.(CVE-2019-17041)\");\n\n script_tag(name:\"affected\", value:\"'rsyslog' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog\", rpm:\"rsyslog~8.24.0~17.h16\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rsyslog-mmjsonparse\", rpm:\"rsyslog-mmjsonparse~8.24.0~17.h16\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-04-23T02:47:04", "bulletinFamily": "scanner", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1000 advisory.\n\n - rsyslog: heap-based overflow in\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c\n (CVE-2019-17041)\n\n - rsyslog: heap-based overflow in\n contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application", "modified": "2020-04-01T00:00:00", "id": "REDHAT-RHSA-2020-1000.NASL", "href": "https://www.tenable.com/plugins/nessus/135052", "published": "2020-04-01T00:00:00", "title": "RHEL 7 : rsyslog (RHSA-2020:1000)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1000. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135052);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/21\");\n\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_xref(name:\"RHSA\", value:\"2020:1000\");\n\n script_name(english:\"RHEL 7 : rsyslog (RHSA-2020:1000)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1000 advisory.\n\n - rsyslog: heap-based overflow in\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c\n (CVE-2019-17041)\n\n - rsyslog: heap-based overflow in\n contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1549706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1600171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1684236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1714094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763746\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-kafka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-libdbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmkubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmsnmptrapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-udpspoof\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'rsyslog-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-crypto-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-crypto-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-doc-8.24.0-52.el7', 'release':'7'},\n {'reference':'rsyslog-elasticsearch-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-elasticsearch-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-gnutls-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-gnutls-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-gssapi-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-gssapi-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-kafka-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-kafka-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-libdbi-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-libdbi-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-mmaudit-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-mmaudit-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-mmjsonparse-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-mmjsonparse-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-mmkubernetes-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-mmkubernetes-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-mmnormalize-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-mmnormalize-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-mmsnmptrapd-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-mmsnmptrapd-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-mysql-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-mysql-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-pgsql-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-pgsql-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-relp-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-relp-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-snmp-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-snmp-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'rsyslog-udpspoof-8.24.0-52.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'rsyslog-udpspoof-8.24.0-52.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_spec_vers_cmp) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;\n }\n else\n {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rsyslog / rsyslog-crypto / rsyslog-doc / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-01T03:27:34", "bulletinFamily": "scanner", "description": "This update for rsyslog fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for\n AIX log messages (bsc#1153451).\n\n - CVE-2019-17042: Fixed a heap overflow in the parser for\n Cisco log messages (bsc#1153459).\n\nOther issue addressed :\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex\n double-unlock (bsc#1141063). \n\nThis update was imported from the SUSE:SLE-15:Update update project.", "modified": "2020-06-02T00:00:00", "id": "OPENSUSE-2019-2500.NASL", "href": "https://www.tenable.com/plugins/nessus/131009", "published": "2019-11-14T00:00:00", "title": "openSUSE Security Update : rsyslog (openSUSE-2019-2500)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2500.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131009);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n\n script_name(english:\"openSUSE Security Update : rsyslog (openSUSE-2019-2500)\");\n script_summary(english:\"Check for the openSUSE-2019-2500 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rsyslog fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for\n AIX log messages (bsc#1153451).\n\n - CVE-2019-17042: Fixed a heap overflow in the parser for\n Cisco log messages (bsc#1153459).\n\nOther issue addressed :\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex\n double-unlock (bsc#1141063). \n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153459\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-diag-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-diag-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-dbi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gtls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-relp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-debugsource-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-diag-tools-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-diag-tools-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-dbi-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-dbi-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-elasticsearch-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-elasticsearch-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-gcrypt-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-gcrypt-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-gssapi-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-gssapi-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-gtls-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-gtls-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-mmnormalize-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-mysql-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-mysql-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-omamqp1-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-omamqp1-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-omhttpfs-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-omhttpfs-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-omtcl-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-omtcl-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-pgsql-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-pgsql-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-relp-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-relp-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-snmp-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-snmp-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-udpspoof-8.33.1-lp150.2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rsyslog-module-udpspoof-debuginfo-8.33.1-lp150.2.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog / rsyslog-debuginfo / rsyslog-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-01T00:51:48", "bulletinFamily": "scanner", "description": "According to the versions of the rsyslog packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-06-02T00:00:00", "id": "EULEROS_SA-2020-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/132814", "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : rsyslog (EulerOS-SA-2020-1060)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132814);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\n \"CVE-2019-17041\",\n \"CVE-2019-17042\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : rsyslog (EulerOS-SA-2020-1060)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rsyslog packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1060\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11da27dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsyslog packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsyslog-8.37.0-2.h19.eulerosv2r8\",\n \"rsyslog-gnutls-8.37.0-2.h19.eulerosv2r8\",\n \"rsyslog-mmjsonparse-8.37.0-2.h19.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-30T18:38:25", "bulletinFamily": "scanner", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1702 advisory.\n\n - rsyslog: heap-based overflow in\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c\n (CVE-2019-17041)\n\n - rsyslog: heap-based overflow in\n contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application", "modified": "2020-04-28T00:00:00", "id": "REDHAT-RHSA-2020-1702.NASL", "href": "https://www.tenable.com/plugins/nessus/136059", "published": "2020-04-28T00:00:00", "title": "RHEL 8 : rsyslog (RHSA-2020:1702)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1702. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136059);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/29\");\n\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n script_xref(name:\"RHSA\", value:\"2020:1702\");\n\n script_name(english:\"RHEL 8 : rsyslog (RHSA-2020:1702)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1702 advisory.\n\n - rsyslog: heap-based overflow in\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c\n (CVE-2019-17041)\n\n - rsyslog: heap-based overflow in\n contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1766693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1766700\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(122);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-kafka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmkubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mmsnmptrapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsyslog-snmp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'rsyslog-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-crypto-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-crypto-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-crypto-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-debugsource-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-debugsource-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-debugsource-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-doc-8.1911.0-3.el8', 'release':'8'},\n {'reference':'rsyslog-elasticsearch-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-elasticsearch-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-elasticsearch-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-gnutls-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-gnutls-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-gnutls-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-gssapi-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-gssapi-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-gssapi-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-kafka-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-kafka-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-kafka-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-mmaudit-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-mmaudit-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-mmaudit-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-mmjsonparse-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-mmjsonparse-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-mmjsonparse-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-mmkubernetes-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-mmkubernetes-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-mmkubernetes-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-mmnormalize-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-mmnormalize-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-mmnormalize-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-mmsnmptrapd-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-mmsnmptrapd-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-mmsnmptrapd-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-mysql-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-mysql-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-mysql-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-pgsql-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-pgsql-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-pgsql-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-relp-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-relp-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-relp-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'rsyslog-snmp-8.1911.0-3.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'rsyslog-snmp-8.1911.0-3.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'rsyslog-snmp-8.1911.0-3.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_spec_vers_cmp) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;\n }\n else\n {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rsyslog / rsyslog-crypto / rsyslog-debugsource / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:46:37", "bulletinFamily": "scanner", "description": "According to the versions of the rsyslog packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2418.NASL", "href": "https://www.tenable.com/plugins/nessus/131910", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : rsyslog (EulerOS-SA-2019-2418)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131910);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2019-17041\",\n \"CVE-2019-17042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : rsyslog (EulerOS-SA-2019-2418)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rsyslog packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2418\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c7b49eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsyslog packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsyslog-7.4.7-7.2.h23\",\n \"rsyslog-gnutls-7.4.7-7.2.h23\",\n \"rsyslog-gssapi-7.4.7-7.2.h23\",\n \"rsyslog-mmjsonparse-7.4.7-7.2.h23\",\n \"rsyslog-mysql-7.4.7-7.2.h23\",\n \"rsyslog-pgsql-7.4.7-7.2.h23\",\n \"rsyslog-relp-7.4.7-7.2.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-19T22:38:49", "bulletinFamily": "scanner", "description": "According to the versions of the rsyslog packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-03-13T00:00:00", "id": "EULEROS_SA-2020-1218.NASL", "href": "https://www.tenable.com/plugins/nessus/134507", "published": "2020-03-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : rsyslog (EulerOS-SA-2020-1218)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134507);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/19\");\n\n script_cve_id(\n \"CVE-2019-17041\",\n \"CVE-2019-17042\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : rsyslog (EulerOS-SA-2020-1218)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rsyslog packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1218\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4c0f6ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsyslog packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsyslog-8.24.0-17.h17\",\n \"rsyslog-mmjsonparse-8.24.0-17.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-03T01:36:53", "bulletinFamily": "scanner", "description": "According to the versions of the rsyslog packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-27T00:00:00", "id": "EULEROS_SA-2019-2302.NASL", "href": "https://www.tenable.com/plugins/nessus/131368", "published": "2019-11-27T00:00:00", "title": "EulerOS 2.0 SP8 : rsyslog (EulerOS-SA-2019-2302)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131368);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/01\");\n\n script_cve_id(\n \"CVE-2019-17041\",\n \"CVE-2019-17042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : rsyslog (EulerOS-SA-2019-2302)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rsyslog packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2302\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38439ac6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsyslog packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsyslog-8.37.0-2.h18.eulerosv2r8\",\n \"rsyslog-gnutls-8.37.0-2.h18.eulerosv2r8\",\n \"rsyslog-gssapi-8.37.0-2.h18.eulerosv2r8\",\n \"rsyslog-mmjsonparse-8.37.0-2.h18.eulerosv2r8\",\n \"rsyslog-mysql-8.37.0-2.h18.eulerosv2r8\",\n \"rsyslog-relp-8.37.0-2.h18.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:45:49", "bulletinFamily": "scanner", "description": "According to the versions of the rsyslog packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-08T00:00:00", "id": "EULEROS_SA-2019-2229.NASL", "href": "https://www.tenable.com/plugins/nessus/130691", "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP5 : rsyslog (EulerOS-SA-2019-2229)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130691);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\n \"CVE-2019-17041\",\n \"CVE-2019-17042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : rsyslog (EulerOS-SA-2019-2229)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rsyslog packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a\n heap overflow in the parser for AIX log messages. The\n parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for\n strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will\n reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will\n then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0.\n contrib/pmcisconames/pmcisconames.c has a heap overflow\n in the parser for Cisco log messages. The parser tries\n to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings\n that do not satisfy this constraint. If the string does\n not match, then the variable lenMsg will reach the\n value zero and will skip the sanity check that detects\n invalid log messages. The message will then be\n considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will\n decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in\n the parser is to shift left the contents of the\n message. To do this, it will call memmove with the\n right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value,\n causing a heap overflow.(CVE-2019-17042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2229\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27eff749\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsyslog packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mmjsonparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsyslog-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsyslog-8.24.0-17.h16.eulerosv2r7\",\n \"rsyslog-gnutls-8.24.0-17.h16.eulerosv2r7\",\n \"rsyslog-gssapi-8.24.0-17.h16.eulerosv2r7\",\n \"rsyslog-mmjsonparse-8.24.0-17.h16.eulerosv2r7\",\n \"rsyslog-mysql-8.24.0-17.h16.eulerosv2r7\",\n \"rsyslog-pgsql-8.24.0-17.h16.eulerosv2r7\",\n \"rsyslog-relp-8.24.0-17.h16.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-01T03:27:34", "bulletinFamily": "scanner", "description": "This update for rsyslog fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for\n AIX log messages (bsc#1153451).\n\n - CVE-2019-17042: Fixed a heap overflow in the parser for\n Cisco log messages (bsc#1153459).\n\nOther issue addressed :\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex\n double-unlock (bsc#1141063). \n\nThis update was imported from the SUSE:SLE-15:Update update project.", "modified": "2020-06-02T00:00:00", "id": "OPENSUSE-2019-2501.NASL", "href": "https://www.tenable.com/plugins/nessus/131010", "published": "2019-11-14T00:00:00", "title": "openSUSE Security Update : rsyslog (openSUSE-2019-2501)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2501.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131010);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n\n script_name(english:\"openSUSE Security Update : rsyslog (openSUSE-2019-2501)\");\n script_summary(english:\"Check for the openSUSE-2019-2501 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rsyslog fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for\n AIX log messages (bsc#1153451).\n\n - CVE-2019-17042: Fixed a heap overflow in the parser for\n Cisco log messages (bsc#1153459).\n\nOther issue addressed :\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex\n double-unlock (bsc#1141063). \n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153459\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsyslog packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-diag-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-diag-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-dbi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-gtls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-relp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-debugsource-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-diag-tools-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-diag-tools-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-dbi-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-dbi-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-elasticsearch-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-elasticsearch-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-gcrypt-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-gcrypt-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-gssapi-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-gssapi-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-gtls-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-gtls-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-mmnormalize-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-mysql-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-mysql-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-omamqp1-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-omamqp1-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-omhttpfs-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-omhttpfs-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-omtcl-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-omtcl-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-pgsql-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-pgsql-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-relp-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-relp-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-snmp-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-snmp-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-udpspoof-8.33.1-lp151.6.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rsyslog-module-udpspoof-debuginfo-8.33.1-lp151.6.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog / rsyslog-debuginfo / rsyslog-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-01T04:39:28", "bulletinFamily": "scanner", "description": "This update for rsyslog fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-17041: Fixed a heap overflow in the parser for AIX log\nmessages (bsc#1153451).\n\nCVE-2019-17042: Fixed a heap overflow in the parser for Cisco log\nmessages (bsc#1153459).\n\nOther issue addressed: Fixed an issue where rsyslog was SEGFAULT due\nto a mutex double-unlock (bsc#1141063).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-06-02T00:00:00", "id": "SUSE_SU-2019-2937-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130899", "published": "2019-11-12T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : rsyslog (SUSE-SU-2019:2937-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2937-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130899);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2019-17041\", \"CVE-2019-17042\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : rsyslog (SUSE-SU-2019:2937-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rsyslog fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-17041: Fixed a heap overflow in the parser for AIX log\nmessages (bsc#1153451).\n\nCVE-2019-17042: Fixed a heap overflow in the parser for Cisco log\nmessages (bsc#1153459).\n\nOther issue addressed: Fixed an issue where rsyslog was SEGFAULT due\nto a mutex double-unlock (bsc#1141063).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17041/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17042/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192937-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b667a1c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2937=1\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-2937=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2937=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2937=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2937=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2937=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-diag-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-diag-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-dbi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-elasticsearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-elasticsearch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-gcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-gcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-gssapi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-gtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-gtls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-mmnormalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-mmnormalize-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-omamqp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-omamqp1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-omhttpfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-omhttpfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-omtcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-omtcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-relp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-relp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-udpspoof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsyslog-module-udpspoof-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-gssapi-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-gssapi-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-gtls-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-gtls-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-mmnormalize-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-mysql-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-mysql-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-pgsql-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-pgsql-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-relp-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-relp-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-snmp-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-snmp-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-udpspoof-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-udpspoof-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-diag-tools-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-diag-tools-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-doc-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-dbi-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-dbi-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-elasticsearch-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-elasticsearch-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-gcrypt-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-gcrypt-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-mmnormalize-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-omamqp1-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-omamqp1-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-omhttpfs-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-omhttpfs-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-omtcl-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-module-omtcl-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gssapi-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gssapi-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gtls-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gtls-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-mmnormalize-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-mysql-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-mysql-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-pgsql-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-pgsql-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-relp-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-relp-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-snmp-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-snmp-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-udpspoof-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-udpspoof-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-diag-tools-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-diag-tools-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-doc-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-dbi-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-dbi-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-elasticsearch-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-elasticsearch-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gcrypt-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gcrypt-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gtls-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-gtls-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-mmnormalize-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-omamqp1-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-omamqp1-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-omhttpfs-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-omhttpfs-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-omtcl-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-module-omtcl-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-diag-tools-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-diag-tools-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-doc-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-dbi-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-dbi-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-elasticsearch-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-elasticsearch-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-gcrypt-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-gcrypt-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-mmnormalize-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-omamqp1-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-omamqp1-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-omhttpfs-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-omhttpfs-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-omtcl-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-module-omtcl-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-diag-tools-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-diag-tools-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-doc-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-dbi-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-dbi-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-elasticsearch-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-elasticsearch-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-gcrypt-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-gcrypt-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-gtls-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-gtls-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-mmnormalize-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-mmnormalize-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-omamqp1-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-omamqp1-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-omhttpfs-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-omhttpfs-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-omtcl-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-module-omtcl-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-debuginfo-8.33.1-3.22.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rsyslog-debugsource-8.33.1-3.22.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsyslog\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-05-16T12:50:06", "bulletinFamily": "unix", "description": "Package : rsyslog\nVersion : 8.4.2-1+deb8u3\nCVE IDs : CVE-2019-17041 CVE-2019-17042\nDebian Bugs : #942065 #942067\n\nIt was discovered that there were two vulnerabilities in the rsyslog\nsystem/kernel logging daemon in the parsers for AIX and Cisco log\nmessages respectfully.\n\nFor Debian 8 "Jessie", these issue have been fixed in rsyslog version\n8.4.2-1+deb8u3.\n\nWe recommend that you upgrade your rsyslog packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "modified": "2019-10-10T00:12:50", "published": "2019-10-10T00:12:50", "id": "DEBIAN:DLA-1952-1:40536", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201910/msg00011.html", "title": "[SECURITY] [DLA 1952-1] rsyslog security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-11-14T03:20:30", "bulletinFamily": "unix", "description": "This update for rsyslog fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages\n (bsc#1153451).\n - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log\n messages (bsc#1153459).\n\n Other issue addressed:\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock\n (bsc#1141063).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2019-11-14T00:11:11", "published": "2019-11-14T00:11:11", "id": "OPENSUSE-SU-2019:2500-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html", "title": "Security update for rsyslog (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-14T09:20:31", "bulletinFamily": "unix", "description": "This update for rsyslog fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages\n (bsc#1153451).\n - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log\n messages (bsc#1153459).\n\n Other issue addressed:\n\n - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock\n (bsc#1141063).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2019-11-14T06:10:46", "published": "2019-11-14T06:10:46", "id": "OPENSUSE-SU-2019:2501-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html", "title": "Security update for rsyslog (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-04-09T02:42:51", "bulletinFamily": "unix", "description": "[8.24.0-52]\nRHEL 7.8 ERRATUM\n- edited patch file ID for imfile to not log useless errors\n also improved file-id behavior to adress newly found problems\n resolves: rhbz#1763746\n[8.24.0-49]\nRHEL 7.8 ERRATUM\n- fixed fsync patch to actually revognize the new option\n resolves: rhbz#1696686 (failedQA)\n[8.24.0-48]\nRHEL 7.8 ERRATUM\n- added patch resolving crash on wrong MsgProperty\n resolves: rhbz#1549706\n- added patch resolving CVE in pmaixforward module\n resolves: rhbz#1768320\n- added patch resolving CVE in pmcisconames module\n resolves: rhbz#1768323\n- added patch implementing file ID for imfile\n resolves: rhbz#1763746\n- added patch fixing omelasticsearch with ES 6.X\n resolves: rhbz#1600171\n[8.24.0-47]\nRHEL 7.8 ERRATUM\n- edited imfile truncation detection patch with reression fix\n resolves: rhbz#1744856\n[8.24.0-46]\nRHEL 7.8 ERRATUM\n- Support Intermediate Certificate Chains in rsyslog\n resolves: rhbz#1627799\n- fixed WorAroundJournalBug patch to not cause leaks\n resolves: rhbz#1744617\n- added patch fixing possible segfault in rate-limiter\n resolves: rhbz#1744682\n[8.24.0-45]\nRHEL 7.8 ERRATUM\n- fixed fsync patch according to covscan results\n resolves: rhbz#1696686\n[8.24.0-44]\nRHEL 7.8 ERRATUM\n- added patch and doc-patch for new caseSensitive imUDP/TCP option\n resolves: rhbz#1309698", "modified": "2020-04-06T00:00:00", "published": "2020-04-06T00:00:00", "id": "ELSA-2020-1000", "href": "http://linux.oracle.com/errata/ELSA-2020-1000.html", "title": "rsyslog security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-04-02T17:39:04", "bulletinFamily": "unix", "description": "The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.\n\nSecurity Fix(es):\n\n* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)\n\n* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", "modified": "2020-03-31T14:10:48", "published": "2020-03-31T13:06:41", "id": "RHSA-2020:1000", "href": "https://access.redhat.com/errata/RHSA-2020:1000", "type": "redhat", "title": "(RHSA-2020:1000) Moderate: rsyslog security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-04-08T22:43:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2020:1000\n\n\nThe rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.\n\nSecurity Fix(es):\n\n* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)\n\n* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-April/012594.html\n\n**Affected packages:**\nrsyslog\nrsyslog-crypto\nrsyslog-doc\nrsyslog-elasticsearch\nrsyslog-gnutls\nrsyslog-gssapi\nrsyslog-kafka\nrsyslog-libdbi\nrsyslog-mmaudit\nrsyslog-mmjsonparse\nrsyslog-mmkubernetes\nrsyslog-mmnormalize\nrsyslog-mmsnmptrapd\nrsyslog-mysql\nrsyslog-pgsql\nrsyslog-relp\nrsyslog-snmp\nrsyslog-udpspoof\n\n**Upstream details at:**\n", "modified": "2020-04-08T19:16:23", "published": "2020-04-08T19:16:23", "id": "CESA-2020:1000", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-April/012594.html", "title": "rsyslog security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}