CVE-2018-1000140

critical

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

References

https://access.redhat.com/errata/RHSA-2018:1223

https://access.redhat.com/errata/RHSA-2018:1225

https://access.redhat.com/errata/RHSA-2018:1701

https://access.redhat.com/errata/RHSA-2018:1702

https://access.redhat.com/errata/RHSA-2018:1703

https://access.redhat.com/errata/RHSA-2018:1704

https://access.redhat.com/errata/RHSA-2018:1707

https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205

https://lgtm.com/rules/1505913226124/

https://security.gentoo.org/glsa/201804-21

https://usn.ubuntu.com/3612-1/

https://www.debian.org/security/2018/dsa-4151

Details

Source: MITRE

Published: 2018-03-23

Updated: 2020-08-24

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
127416	NewStart CGSL MAIN 4.05 : librelp Vulnerability (NS-SA-2019-0147)	Nessus	NewStart CGSL Local Security Checks	critical
127234	NewStart CGSL CORE 5.04 / MAIN 5.04 : librelp Vulnerability (NS-SA-2019-0050)	Nessus	NewStart CGSL Local Security Checks	critical
121935	Photon OS 2.0: Librelp PHSA-2018-2.0-0039	Nessus	PhotonOS Local Security Checks	critical
121832	Photon OS 1.0: Librelp PHSA-2018-1.0-0129	Nessus	PhotonOS Local Security Checks	critical
111931	Photon OS 1.0: Librelp / Libvirt PHSA-2018-1.0-0129 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
111298	Photon OS 2.0 : openjdk8 / httpd / librelp / zsh / libvirt (PhotonOS-PHSA-2018-2.0-0039) (deprecated)	Nessus	PhotonOS Local Security Checks	critical
110846	EulerOS 2.0 SP3 : librelp (EulerOS-SA-2018-1182)	Nessus	Huawei Local Security Checks	critical
110242	CentOS 7 : librelp (CESA-2018:1223)	Nessus	CentOS Local Security Checks	critical
110139	EulerOS 2.0 SP2 : librelp (EulerOS-SA-2018-1135)	Nessus	Huawei Local Security Checks	critical
110138	EulerOS 2.0 SP1 : librelp (EulerOS-SA-2018-1134)	Nessus	Huawei Local Security Checks	critical
110087	RHEL 7 : librelp (RHSA-2018:1707)	Nessus	Red Hat Local Security Checks	critical
110086	RHEL 7 : librelp (RHSA-2018:1704)	Nessus	Red Hat Local Security Checks	critical
110085	RHEL 7 : librelp (RHSA-2018:1703)	Nessus	Red Hat Local Security Checks	critical
110084	RHEL 6 : librelp (RHSA-2018:1702)	Nessus	Red Hat Local Security Checks	critical
110083	RHEL 6 : librelp (RHSA-2018:1701)	Nessus	Red Hat Local Security Checks	critical
109529	CentOS 6 : librelp (CESA-2018:1225)	Nessus	CentOS Local Security Checks	critical
109464	Scientific Linux Security Update : librelp on SL7.x x86_64 (20180424)	Nessus	Scientific Linux Local Security Checks	critical
109340	Scientific Linux Security Update : librelp on SL6.x i386/x86_64 (20180424)	Nessus	Scientific Linux Local Security Checks	critical
109339	RHEL 6 : librelp (RHSA-2018:1225)	Nessus	Red Hat Local Security Checks	critical
109337	RHEL 7 : librelp (RHSA-2018:1223)	Nessus	Red Hat Local Security Checks	critical
109333	Oracle Linux 6 : librelp (ELSA-2018-1225)	Nessus	Oracle Linux Local Security Checks	critical
109331	Oracle Linux 7 : librelp (ELSA-2018-1223)	Nessus	Oracle Linux Local Security Checks	critical
109235	GLSA-201804-21 : librelp: Remote code execution	Nessus	Gentoo Local Security Checks	critical
109180	Amazon Linux 2 : librelp (ALAS-2018-998)	Nessus	Amazon Linux Local Security Checks	critical
108912	Fedora 26 : librelp (2018-6f2df5ab6c)	Nessus	Fedora Local Security Checks	critical
108911	Fedora 27 : librelp (2018-2f9d3604d6)	Nessus	Fedora Local Security Checks	critical
108710	Ubuntu 14.04 LTS : librelp vulnerability (USN-3612-1)	Nessus	Ubuntu Local Security Checks	critical
108684	SUSE SLES12 Security Update : librelp (SUSE-SU-2018:0828-1)	Nessus	SuSE Local Security Checks	critical
108682	openSUSE Security Update : librelp (openSUSE-2018-319)	Nessus	SuSE Local Security Checks	critical
108656	SUSE SLES12 Security Update : librelp (SUSE-SU-2018:0822-1)	Nessus	SuSE Local Security Checks	critical
108611	Debian DSA-4151-1 : librelp - security update	Nessus	Debian Local Security Checks	critical

CVE-2018-1000140

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical