exploitDog

CVE-2018-16881

Published: 19 Apr 2017
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

Mitigation

This vulnerability requires the "imptcp" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string $InputPTCPServerRun in your rsyslog configuration.
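The check described above can be scripted as follows. This is an added example, not part of the Red Hat advisory. Besides the `$InputPTCPServerRun` string named above, it also matches `$ModLoad imptcp` and the RainerScript forms `module(load="imptcp")` and `input(type="imptcp" ...)`, which goes beyond what the advisory lists; the function name `find_imptcp` and the default paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report rsyslog configuration lines that load or start imptcp.
# find_imptcp is a hypothetical helper name, not an rsyslog tool.
#
# Usage (assumed default paths, adjust to your system):
#   find_imptcp /etc/rsyslog.conf /etc/rsyslog.d/*.conf
#
# Prints "file:line:text" for every active (non-commented) match.
# Returns 0 if at least one match was found, 1 otherwise.
find_imptcp() {
    found=1
    for f in "$@"; do
        # Skip unreadable files and unexpanded globs.
        [ -r "$f" ] || continue
        # The pattern is anchored at the start of the line, so lines that
        # begin with '#' (comments) never match. Matched case-insensitively:
        #   legacy:       $InputPTCPServerRun <port>, $ModLoad imptcp
        #   RainerScript: module(load="imptcp"), input(type="imptcp" ...)
        if grep -HniE '^[[:space:]]*(\$InputPTCPServerRun|\$ModLoad[[:space:]]+imptcp|(module|input)[[:space:]]*\(.*"imptcp")' "$f"; then
            found=0
        fi
    done
    return "$found"
}
```

A match only shows that the module is configured; whether the listening port is reachable by untrusted hosts still has to be checked separately.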

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 5 | rsyslog5 | Not affected | | |
| Red Hat Enterprise Linux 6 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 6 | rsyslog7 | Not affected | | |
| Red Hat Enterprise Linux 8 | rsyslog | Not affected | | |
| Red Hat Enterprise Linux 7 | rsyslog | Fixed | RHSA-2019:2110 | 06.08.2019 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | rsyslog | Fixed | RHBA-2019:2501 | 15.08.2019 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | imgbased | Fixed | RHSA-2019:2437 | 12.08.2019 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | ovirt-node-ng | Fixed | RHSA-2019:2437 | 12.08.2019 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | redhat-release-virtualization-host | Fixed | RHSA-2019:2437 | 12.08.2019 |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1658366 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled

EPSS: 0.02616 (Low), percentile: 85%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 7 years ago

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

CVSS3: 7.5
nvd
about 7 years ago

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

CVSS3: 7.5
debian
about 7 years ago

A denial of service vulnerability was found in rsyslog in the imptcp m ...

suse-cvrf
almost 7 years ago

Security update for rsyslog

suse-cvrf
about 7 years ago

Security update for rsyslog
