Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871257
Category:Red Hat Local Security Checks
Title:RedHat Update for rsyslog RHSA-2014:1397-01
Summary:The remote host is missing an update for the 'rsyslog'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'rsyslog'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the rsyslog service will be restarted automatically.

Affected Software/OS:
rsyslog on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3634
Debian Security Information: DSA-3040 (Google Search)
http://www.debian.org/security/2014/dsa-3040
http://www.mandriva.com/security/advisories?name=MDVSA-2015:130
http://www.openwall.com/lists/oss-security/2014/09/30/15
http://www.openwall.com/lists/oss-security/2014/10/03/1
RedHat Security Advisories: RHSA-2014:1397
http://rhn.redhat.com/errata/RHSA-2014-1397.html
RedHat Security Advisories: RHSA-2014:1654
http://rhn.redhat.com/errata/RHSA-2014-1654.html
RedHat Security Advisories: RHSA-2014:1671
http://rhn.redhat.com/errata/RHSA-2014-1671.html
http://secunia.com/advisories/61494
http://secunia.com/advisories/61720
http://secunia.com/advisories/61930
SuSE Security Announcement: SUSE-SU-2014:1294 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html
SuSE Security Announcement: openSUSE-SU-2014:1297 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html
SuSE Security Announcement: openSUSE-SU-2014:1298 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html
http://www.ubuntu.com/usn/USN-2381-1
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.