RHBA-2019:2501

RHSA-2019:2110

RHSA-2019:2437

RHSA-2019:2439

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability:

  - A denial of service vulnerability was found in rsyslog     in the imptcp module. An attacker could send a specially     crafted message to the imptcp socket, which would cause     rsyslog to crash. Versions before 8.27.0 are vulnerable.
    (CVE-2018-16881)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.(CVE-2018-16881)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has rsyslog packages installed that are affected by a vulnerability:

  - A denial of service vulnerability was found in rsyslog     in the imptcp module. An attacker could send a specially     crafted message to the imptcp socket, which would cause     rsyslog to crash. Versions before 8.27.0 are vulnerable.
    (CVE-2018-16881)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update for rsyslog is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es) :

* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Security Fix(es) :

  - rsyslog: imptcp: integer overflow when Octet-Counted TCP     Framing is enabled (CVE-2018-16881)

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version:
imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1669357, BZ#1669365, BZ#1684986, BZ# 1711193, BZ#1717250, BZ#1726917)

Security Fix(es) :

* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)

* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)

* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)

* openssl: 0-byte record padding oracle (CVE-2019-1559)

* cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment (CVE-2019-10139)

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.

The following packages have been upgraded to a later upstream version:
rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255)

Security Fix(es) :

* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)

* openssl: 0-byte record padding oracle (CVE-2019-1559)

* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

According to the versions of the rsyslog packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - Rsyslog is an enhanced, multi-threaded syslog daemon.
    It supports MySQL, syslog/TCP, RFC 3195, permitted     sender lists, filtering on any message part, and fine     grain output format control. It is compatible with     stock sysklogd and can be used as a drop-in     replacement. Rsyslog is simple to set up, with advanced     features suitable for enterprise-class,     encryption-protected syslog relay chains.

  - Security fix(es):

  - A denial of service vulnerability was found in rsyslog     in the imptcp module. An attacker could send a     specially crafted message to the imptcp socket, which     would cause rsyslog to crash.(CVE-2018-16881)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - A denial of service vulnerability was found in rsyslog     in the imptcp module. An attacker could send a     specially crafted message to the imptcp socket, which     would cause rsyslog to crash.i1/4^CVE-2018-16881i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the rsyslog packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - A denial of service vulnerability was found in rsyslog     in the imptcp module. An attacker could send a     specially crafted message to the imptcp socket, which     would cause rsyslog to crash.(CVE-2018-16881)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the rsyslog package has been released.

This update for rsyslog fixes the following issues :

Security issue fixed :

  - CVE-2018-16881: Fixed a denial of service when both the     imtcp module and Octet-Counted TCP Framing is enabled     (bsc#1123164).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

This update for rsyslog fixes the following issues :

Security issue fixed :

CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
132463	NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2019-0259)	Nessus	NewStart CGSL Local Security Checks	medium
131238	Amazon Linux 2 : rsyslog (ALAS-2019-1369)	Nessus	Amazon Linux Local Security Checks	medium
129897	NewStart CGSL CORE 5.04 / MAIN 5.04 : rsyslog Vulnerability (NS-SA-2019-0209)	Nessus	NewStart CGSL Local Security Checks	medium
128353	CentOS 7 : rsyslog (CESA-2019:2110)	Nessus	CentOS Local Security Checks	medium
128259	Scientific Linux Security Update : rsyslog on SL7.x x86_64 (20190806)	Nessus	Scientific Linux Local Security Checks	medium
127986	RHEL 7 : Virtualization Manager (RHSA-2019:2437)	Nessus	Red Hat Local Security Checks	medium
127830	RHEL 7 : Virtualization Manager (RHSA-2019:2439)	Nessus	Red Hat Local Security Checks	medium
127673	RHEL 7 : rsyslog (RHSA-2019:2110)	Nessus	Red Hat Local Security Checks	medium
124909	EulerOS Virtualization for ARM 64 3.0.1.0 : rsyslog (EulerOS-SA-2019-1406)	Nessus	Huawei Local Security Checks	medium
123713	EulerOS Virtualization 2.5.4 : rsyslog (EulerOS-SA-2019-1245)	Nessus	Huawei Local Security Checks	medium
123711	EulerOS Virtualization 2.5.3 : rsyslog (EulerOS-SA-2019-1243)	Nessus	Huawei Local Security Checks	medium
123117	EulerOS 2.0 SP3 : rsyslog (EulerOS-SA-2019-1104)	Nessus	Huawei Local Security Checks	medium
122925	Photon OS 1.0: Rsyslog PHSA-2019-1.0-0212	Nessus	PhotonOS Local Security Checks	high
122918	Photon OS 2.0: Rsyslog PHSA-2019-2.0-0134	Nessus	PhotonOS Local Security Checks	high
122696	EulerOS 2.0 SP5 : rsyslog (EulerOS-SA-2019-1073)	Nessus	Huawei Local Security Checks	medium
122385	EulerOS 2.0 SP2 : rsyslog (EulerOS-SA-2019-1058)	Nessus	Huawei Local Security Checks	medium
122090	openSUSE Security Update : rsyslog (openSUSE-2019-154)	Nessus	SuSE Local Security Checks	medium
121539	SUSE SLED12 / SLES12 Security Update : rsyslog (SUSE-SU-2019:0209-1)	Nessus	SuSE Local Security Checks	medium

CVE-2018-16881

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins