AIX rsyslog Advisory : rsyslog_advisory.asc
High Nessus Plugin ID 79660
Synopsis
The remote AIX host has a vulnerable version of rsyslog.
Description
The version of rsyslog installed on the remote AIX host is affected by a remote code execution or denial of service vulnerability :
- The installed rsyslog allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impacts by crafting a priority (PRI) value that triggers an out-of-bounds array access. (CVE-2014-3634)
- The original fix for the above issue still retained a denial of service vulnerability when large PRI values were encountered. (CVE-2014-3683)
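Both issues come down to using a PRI value from the network without checking its range first. The following is an added illustration of that check, not rsyslog's code and not part of the advisory; the function names and the facility table are assumptions, and the limit of 191 (facility 23, severity 7) comes from the syslog format itself:

```c
#include <stdio.h>
#include <string.h>

#define PRI_MAX 191      /* highest valid PRI: facility 23 * 8 + severity 7 */
#define PRI_INVALID (-1)

/* Conventional facility names indexed by PRI >> 3; exactly 24 entries (0..23). */
static const char *const facility_names[24] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};

/* Parse the leading "<PRI>" of a syslog message. Returns 0..191 or PRI_INVALID. */
int parse_pri(const char *msg, size_t len)
{
    size_t i = 1;
    int pri = 0;

    if (len < 3 || msg[0] != '<')
        return PRI_INVALID;
    /* Accept at most three digits so a long digit run cannot overflow pri. */
    while (i < len && i <= 3 && msg[i] >= '0' && msg[i] <= '9')
        pri = pri * 10 + (msg[i++] - '0');
    if (i == 1 || i >= len || msg[i] != '>')
        return PRI_INVALID;
    return pri <= PRI_MAX ? pri : PRI_INVALID;
}

/* The table lookup happens only after the range check above has passed. */
const char *facility_of(const char *msg, size_t len)
{
    int pri = parse_pri(msg, len);
    return pri == PRI_INVALID ? "invalid" : facility_names[pri >> 3];
}

int main(void)
{
    /* Constructed sample messages, not taken from the advisory. */
    const char *samples[] = { "<34>su: test", "<191>app: test",
                              "<192>app: test", "<99999999999>app: test" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s pri=%d facility=%s\n", samples[i],
               parse_pri(samples[i], strlen(samples[i])),
               facility_of(samples[i], strlen(samples[i])));
    return 0;
}
```

The digit cap and the upper-bound check are separate on purpose: the first keeps the accumulator from overflowing on long digit runs, the second keeps the facility index inside the 24-entry table.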
Solution
A fix is available and can be downloaded from the AIX website.
To extract the fixes from the tar file :
tar xvf rsyslog_fix.tar
IMPORTANT : it is recommended that a mksysb backup of the system be created if possible. Verify that it is both bootable and readable before proceeding.
To preview the fix installation :
installp -a -d rsyslog.base -p all
To install the fix package :
installp -a -d rsyslog.base -X all