Dear List,

there is a heap buffer overflow vulnerability in the rsyslog TCP reception components, most notably imtcp and imptcp. This can only happen in octet-counted mode, which is enabled by default.

If the receiver ports are exposed to the public Internet AND are used without authentication, this can lead to remote DoS and potentially to remote code execution. It is unclear if remote code execution is actually possible. If so, it needs a very sophisticated attack. When syslog best practices with proper firewalling and authentication are used, then an attack can only be carried out from within the Intranet and authorized systems. This limits the severity of the vulnerability considerably (it would obviously require an attacker already to be present inside the internal network).

Advisory: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243

A patch is available; updated packages are already available or will be within the next few hours. The daily stable will contain the patch later today.

Credits to Peter Agten for initially reporting the issue and working with us on the resolution.

Rainer

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
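The announcement above concerns the octet-counted TCP framing (RFC 6587, "MSG-LEN SP SYSLOG-MSG") in which a peer declares the length of each message up front. The following is an added illustration of how a receiver can parse that framing defensively; it is example code written for this note, not rsyslog's own parser, and it says nothing about the specific defect the advisory fixes. The cap `MAX_FRAME_LEN`, the function names and the sample frames are assumptions chosen for the example. The point a defender should take from it is that every declared length must be checked against both a fixed policy limit and the bytes actually present before any copy or pointer arithmetic happens.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Policy limit on a single frame. Assumption for this example: 8 KiB. */
#define MAX_FRAME_LEN 8192u

enum frame_status { FRAME_OK = 0, FRAME_NEED_MORE = 1, FRAME_INVALID = 2 };

/*
 * Parse one octet-counted frame from buf[0..buflen).
 * On FRAME_OK, *msg/*msglen describe the payload inside buf and *consumed
 * is the number of bytes used. The declared length is accumulated without
 * integer overflow, capped by MAX_FRAME_LEN, and compared against the bytes
 * actually received, so a peer cannot make the receiver read or copy past
 * the end of its buffer by lying about the length.
 */
enum frame_status parse_octet_counted(const char *buf, size_t buflen,
                                      const char **msg, size_t *msglen,
                                      size_t *consumed)
{
    size_t i = 0, len = 0;

    if (buflen == 0) return FRAME_NEED_MORE;
    /* MSG-LEN = NONZERO-DIGIT *DIGIT: a leading zero or non-digit is invalid */
    if (buf[0] < '1' || buf[0] > '9') return FRAME_INVALID;

    while (i < buflen && buf[i] >= '0' && buf[i] <= '9') {
        size_t d = (size_t)(buf[i] - '0');
        /* reject before len * 10 + d could exceed the cap (no wraparound) */
        if (len > (MAX_FRAME_LEN - d) / 10) return FRAME_INVALID;
        len = len * 10 + d;
        i++;
    }
    if (i == buflen) return FRAME_NEED_MORE;   /* length digits not finished */
    if (buf[i] != ' ') return FRAME_INVALID;    /* exactly one SP after MSG-LEN */
    i++;
    if (len == 0 || len > MAX_FRAME_LEN) return FRAME_INVALID;
    if (buflen - i < len) return FRAME_NEED_MORE; /* payload not all here yet */

    *msg = buf + i;
    *msglen = len;
    *consumed = i + len;
    return FRAME_OK;
}

/*
 * Walk a receive buffer that may hold several frames back to back.
 * Returns the number of complete frames; *rest is the offset of the first
 * unconsumed byte (to be kept for the next read) and *invalid is set when
 * the stream is malformed and the connection should be dropped.
 */
size_t drain_frames(const char *buf, size_t buflen, size_t *rest, int *invalid)
{
    size_t frames = 0, off = 0;
    const char *m;
    size_t ml, used;

    *invalid = 0;
    while (off < buflen) {
        enum frame_status st =
            parse_octet_counted(buf + off, buflen - off, &m, &ml, &used);
        if (st == FRAME_OK) { frames++; off += used; continue; }
        if (st == FRAME_INVALID) *invalid = 1;
        break;
    }
    *rest = off;
    return frames;
}

/* Wrappers so the parser can be exercised on plain C strings. */
int status_of(const char *s)
{
    const char *m; size_t ml, used;
    return (int)parse_octet_counted(s, strlen(s), &m, &ml, &used);
}

size_t frames_in(const char *s)
{
    size_t rest; int invalid;
    return drain_frames(s, strlen(s), &rest, &invalid);
}

int main(void)
{
    /* constructed sample: two well-formed frames back to back */
    const char *stream = "11 hello world5 abcde";
    size_t rest; int invalid;
    size_t n = drain_frames(stream, strlen(stream), &rest, &invalid);
    printf("frames=%zu rest=%zu invalid=%d\n", n, rest, invalid);
    /* constructed sample: declared length far above the cap is rejected
       before any payload handling, rather than trusted */
    printf("oversized -> %d (2 = invalid)\n", status_of("99999 x"));
    return 0;
}
```

The `FRAME_NEED_MORE` path matters as much as the rejections: a receiver that treats a short read as an error, or that allocates the full declared length before the bytes arrive, is exposed to trivial resource exhaustion from a single unauthenticated peer, which is why the advisory's advice about firewalling and authenticated transport applies regardless of the parser's correctness.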