SB2019111444 - Multiple vulnerabilities in rsyslog.com rsyslog
Published: November 14, 2019 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2011-1488)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. A remote attacker can perform a denial of service attack.
2) Memory leak (CVE-ID: CVE-2011-1489)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. A remote attacker can perform a denial of service attack.
3) Memory leak (CVE-ID: CVE-2011-1490)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. A remote attacker can perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
- https://access.redhat.com/security/cve/cve-2011-1488
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1488
- https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
- https://security-tracker.debian.org/tracker/CVE-2011-1488
- https://access.redhat.com/security/cve/cve-2011-1489
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489
- https://security-tracker.debian.org/tracker/CVE-2011-1489
- https://access.redhat.com/security/cve/cve-2011-1490
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490
- https://security-tracker.debian.org/tracker/CVE-2011-1490