CVE-2018-1000140
Published: 23 March 2018
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Notes
Author | Note |
---|---|
mdeslaur | only used by rsyslog-relp packages in trusty, which is in universe. |
Priority
Status
Package | Release | Status |
---|---|---|
librelp Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Released
(1.2.14-3ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
cosmic |
Not vulnerable
(1.2.15-1)
|
|
disco |
Not vulnerable
(1.2.15-1)
|
|
eoan |
Not vulnerable
(1.2.15-1)
|
|
focal |
Not vulnerable
(1.2.15-1)
|
|
groovy |
Not vulnerable
(1.2.15-1)
|
|
hirsute |
Not vulnerable
(1.2.15-1)
|
|
impish |
Not vulnerable
(1.2.15-1)
|
|
jammy |
Not vulnerable
(1.2.15-1)
|
|
kinetic |
Not vulnerable
(1.2.15-1)
|
|
lunar |
Not vulnerable
(1.2.15-1)
|
|
trusty |
Released
(1.2.2-2ubuntu1.1)
|
|
upstream |
Released
(1.2.15-1)
|
|
xenial |
Released
(1.2.9-1ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
Patches: upstream: https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |