exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2022-24903

Status Candidate

Overview

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.

Related Files

Gentoo Linux Security Advisory 202408-28
Posted Aug 12, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202408-28 - A vulnerability has been discovered in rsyslog, which could possibly lead to remote code execution. Versions greater than or equal to 8.2206.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2022-24903
SHA-256 | f50fc19de5ad3d07dd08c9432bb75d203dee019826ce312bbe81a4c7ef7ca1ee
Red Hat Security Advisory 2022-5439-01
Posted Jul 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5439-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-1966, CVE-2022-24903
SHA-256 | 3db4a9a3eaef4ae44ffe0e4b1baeea0aa294da5f2930bbfe0457203563dd5c83
Red Hat Security Advisory 2022-4896-01
Posted Jun 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4896-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-4028, CVE-2021-4083, CVE-2022-0778, CVE-2022-1271, CVE-2022-24903, CVE-2022-25636
SHA-256 | 3df1bd94283b4f8f828a1326c59af6e3f0bf7a7aa1e643f1d76923d175ca596f
Red Hat Security Advisory 2022-4808-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4808-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon. It supports on-demand disk buffering, reliable syslog over TCP, SSL, TLS and RELP, writing to databases, email alerting, fully configurable output formats, the ability to filter on any part of the syslog message, on-the-wire message compression, and the ability to convert text files to syslog. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | 68173f6ada716e1aea998606f5823f010cefd5e6a1390ad47852b4863f5f9e4a
Red Hat Security Advisory 2022-4795-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4795-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | 85c6d5e5f18689658a3feba8334a5ca9f5ee4025d096c7ff8ad2c06bf04ba9df
Red Hat Security Advisory 2022-4803-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4803-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | caa995502c0716dd3e0b4c8882ef4649db32bbd054c2d5347d136d6f14f1019c
Red Hat Security Advisory 2022-4799-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4799-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | 6b3ef3cad5a6f8f510ffc0c5ef65bdc083c065354960e146a57db692703d5279
Red Hat Security Advisory 2022-4800-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4800-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | c09ee5f9d7525364ce88541efe06f185fb16e33cbe8fed8518a080579d5e7acf
Red Hat Security Advisory 2022-4802-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4802-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | 422f5fdcf4c0e8c21150f333f101eddfd53d1f4948241188359554d658b535b3
Red Hat Security Advisory 2022-4801-01
Posted May 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4801-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2022-24903
SHA-256 | cbc294f85a2ab1a07026b4b619b01e0197418378e91ee9e7f1ccbc4a6ffedc85
Debian Security Advisory 5150-1
Posted May 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5150-1 - Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, tcp
systems | linux, debian
advisories | CVE-2022-24903
SHA-256 | e4778e769832dd9146a37a7c1719d90772ee712460dc84d2d00fa1c1d0f9272e
Ubuntu Security Notice USN-5404-2
Posted May 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5404-2 - USN-5404-1 addressed a vulnerability in Rsyslog. This update provides the corresponding update for Ubuntu 16.04 ESM. Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-24903
SHA-256 | 3394a7516dfe2104e5e67cea4be704545ae10ea23ca73c694dbe4fc856db4ae5
Ubuntu Security Notice USN-5404-1
Posted May 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5404-1 - Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-24903
SHA-256 | 6ab1ab70f6364aaf565aa6324443931a40d300289e47660a7e71f7a4ac614ab2
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close