Vigil@nce - RSYSLOG: integer overflow of PRI
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an integer overflow via PRI in RSYSLOG,
in order to trigger a denial of service, and possibly to execute
code.
– Impacted products: Debian, openSUSE, RSYSLOG, SUSE Linux
Enterprise Desktop, SLES, Ubuntu
– Severity: 2/4
– Creation date: 02/10/2014
DESCRIPTION OF THE VULNERABILITY
The RSYSLOG product analyzes messages in the SYSLOG format:
The PRI field indicates the priority, which is composed of the
message Facility and Severity.
However, if PRI is larger than MAX_INT, an index becomes negative,
and an array overflows in RSYSLOG.
When RSYSLOG is configured to accept SYSLOG messages from the
network, this vulnerability can be remotely exploited.
An attacker can therefore generate an integer overflow via PRI in
RSYSLOG, in order to trigger a denial of service, and possibly to
execute code.
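A defensive way to parse PRI so that the value can neither wrap nor index outside a facility table, given here as an added example (it is not RSYSLOG's code or its fix). The function names, the table and the fallback policy are assumptions; the 0..191 range and the default value 13 come from the syslog RFCs (3164/5424).

```c
#include <stddef.h>
#include <string.h>   /* strlen() for callers passing C strings */

/* Constructed example: names and table are hypothetical, not RSYSLOG's. */
#define PRI_MAX      191  /* facility 23 * 8 + severity 7 */
#define PRI_FALLBACK 13   /* user.notice, used when PRI is unusable */

static const char *const facility_names[24] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Parse "<PRI>" at the start of msg. Returns 0..191, or -1 if malformed. */
int parse_pri(const char *msg, size_t len)
{
    size_t i = 1;
    int pri = 0;

    if (len < 3 || msg[0] != '<')
        return -1;
    /* At most 3 digits are consumed, so pri <= 999 and cannot overflow. */
    while (i < len && i <= 3 && msg[i] >= '0' && msg[i] <= '9') {
        pri = pri * 10 + (msg[i] - '0');
        i++;
    }
    if (i == 1 || i >= len || msg[i] != '>' || pri > PRI_MAX)
        return -1;
    return pri;
}

/* A rejected PRI is replaced by the fallback before it is used as an
 * index, so the table lookup always stays within 0..23. */
const char *facility_of(const char *msg, size_t len)
{
    int pri = parse_pri(msg, len);
    if (pri < 0)
        pri = PRI_FALLBACK;
    return facility_names[pri >> 3];
}

int severity_of(const char *msg, size_t len)
{
    int pri = parse_pri(msg, len);
    return (pri < 0 ? PRI_FALLBACK : pri) & 7;
}
```

Counting rejected PRI values per source address in the receiver gives a simple signal that malformed messages are arriving from the network.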
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/RSYSLOG-integer-overflow-of-PRI-15437