SB2022061210 - Amazon Linux AMI update for rsyslog

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022061210

SB2022061210 - Amazon Linux AMI update for rsyslog

Published: June 12, 2022

Security Bulletin ID SB2022061210
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2014-3634)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.


2) Heap-based buffer overflow (CVE-ID: CVE-2022-24903)

The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.

Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.


Remediation

Install update from vendor's website.

References