In any case, I think it would make sense to use the current 8.29.0 version if not installed.
Just a thought. Rainer 2017-10-06 8:27 GMT+02:00 deoren <rsyslog-users-lists.adiscon....@whyaskwhy.org>: > > > On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog > <rsyslog@lists.adiscon.com> wrote: >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA512 >> >>On 2017-10-06 07:45, deoren wrote: >>> Is this expected? I recall reading that rsyslog should be properly >>> firewalled to protect it from malicious traffic, but I couldn't >>> recall what would happen if it were exposed to scans: fall over vs >>> trash data logged. >> >>More details please. >> >>What kind of rsyslog service was exposed (imuxsock, imudp, imtcp, >>imrelp...)? >> >>Do have some details about the scan itself? Can you share steps how to >>reproduce? >> >>If it is true what you are saying "you" found a DoS vulnerability in >>rsyslog. No service should crash when receiving/processing >>invalid/malformed data. >> >> >>- -- >>Regards, >>Thomas > > I will gather more info and post back. > > Quick info: > > imrelp, imudp, imptcp exposed. > > I believe I used two scans to repro: authenticated scan and remote port scan. > > Will gather more info later today if I can, later this weekend if not. I just > wanted to make sure this wasn't a known issue before digging too deep into it. > > Thanks. > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
