Correct. Not vulnerable.

Rainer

John Chivian <[email protected]> wrote on Thu., 5 May 2022, 20:31:

> Hello Rainer -
>
> Can you please confirm that the input in the following configuration
> snippet is NOT vulnerable…
>
> module(load="imptcp")
> input(
>     type="imptcp"
>     name="userdata"
>     port="5140"
>     ruleset="userdata_input"
>     supportoctetcountedframing="no"
> )
>
> Thanks,
>
> > On May 5, 2022, at 07:11, Rainer Gerhards via rsyslog <[email protected]> wrote:
> >
> > Dear List,
> >
> > there is a heap buffer overflow vulnerability in rsyslog tcp reception
> > components, most notably imtcp and imptcp. This can only happen in
> > octet-counted mode, which is enabled by default.
> >
> > If the receiver ports are exposed to the public Internet AND are used
> > without authentication, this can lead to remote DoS and potentially to
> > remote code execution. It is unclear if remote code execution is
> > actually possible. If so, it needs a very sophisticated attack.
> >
> > When syslog best practices with proper firewalling and authentication
> > are used, then an attack can only be carried out from within the Intranet
> > and authorized systems. This limits the severity of the vulnerability
> > considerably (it would obviously require an attacker already to be
> > present inside the internal network).
> >
> > Advisory:
> > https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
> >
> > A patch is available, updated packages are already available or will
> > be within the next few hours. The daily stable will contain the patch
> > later today.
> >
> > Credits to Peter Agten for initially reporting the issue and working
> > with us on the resolution.
> >
> > Rainer
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
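An added example, not part of the thread or of rsyslog itself: a small Python audit that scans an rsyslog configuration for imtcp/imptcp inputs that still have octet-counted framing enabled (the default), which is the condition the advisory above ties to the vulnerability. The sample configuration and the regex-based block scanner are constructed here; the code assumes rsyslog's case-insensitive parameter names and that a value of "no"/"off" disables the option, as in the snippet John asked about.

```python
import re

# Constructed sample configuration (not from the thread): the input John asked
# about, plus an imtcp input that keeps the default (octet-counted framing on).
SAMPLE_CONF = """
module(load="imptcp")
module(load="imtcp")
input(
    type="imptcp"
    name="userdata"
    port="5140"
    ruleset="userdata_input"
    supportoctetcountedframing="no"
)
input(type="imtcp" port="514")
input(type="imudp" port="514")
"""

# Simple scanner: one input(...) block per match; values containing ')' or
# nested blocks are not handled, which is fine for typical listener configs.
INPUT_RE = re.compile(r'input\s*\((.*?)\)', re.S)
PARAM_RE = re.compile(r'([A-Za-z.]+)\s*=\s*"([^"]*)"')
TCP_MODULES = {"imtcp", "imptcp"}   # the modules named in the advisory


def parse_inputs(conf):
    """Return one dict of parameters per input(...) block, keys lower-cased."""
    return [{k.lower(): v for k, v in PARAM_RE.findall(m.group(1))}
            for m in INPUT_RE.finditer(conf)]


def octet_counting_enabled(params):
    """rsyslog enables octet-counted framing unless it is explicitly turned off.
    Assumption: 'no', 'off', 'false' and '0' are the disabling spellings."""
    value = params.get("supportoctetcountedframing", "on").strip().lower()
    return value not in ("no", "off", "false", "0")


def find_exposed_inputs(conf):
    """(module, port, name) of imtcp/imptcp inputs still using octet counting."""
    findings = []
    for p in parse_inputs(conf):
        module = p.get("type", "").lower()
        if module in TCP_MODULES and octet_counting_enabled(p):
            findings.append((module, p.get("port", "?"), p.get("name", "")))
    return findings


if __name__ == "__main__":
    for module, port, name in find_exposed_inputs(SAMPLE_CONF):
        print(f"{module} input {name or '(unnamed)'} on port {port}: "
              "octet-counted framing enabled, apply the patched package")
```

Run it against a real /etc/rsyslog.conf (and the files it includes) to list the listeners that need the patched package; disabling octet counting is only a workaround where senders do not rely on that framing.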

