Описание
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
Multiple format string vulnerabilities were found in the zmq3 modules in rsyslog. A local attacker could potentially use these flaws to crash the rsyslog daemon under certain circumstances.
Отчет
This issue did not affect the versions of rsyslog as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | rsyslog | Not affected | ||
| Red Hat Enterprise Linux 5 | rsyslog5 | Not affected | ||
| Red Hat Enterprise Linux 6 | rsyslog | Not affected | ||
| Red Hat Enterprise Linux 6 | rsyslog7 | Not affected | ||
| Red Hat Enterprise Linux 7 | rsyslog | Not affected |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS3
Связанные уязвимости
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
Уязвимость модулей ввода/вывода программной утилиты для обработки логов Rsyslog, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
4.9 Medium
CVSS3