Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-4795.NASLHistoryNov 06, 2023 - 12:00 a.m.
Rocky Linux 9 : rsyslog (RLSA-2022:4795)
2023-11-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
rocky linux 9
rsyslog
vulnerability
heap buffer overflow
octet-counted framing
segfault
malfunction
remote code execution
expert opinion
best practice
mitigation
cve-2022-24903
nessus scanner
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.107 Low
EPSS
Percentile
95.1%
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4795 advisory.
- Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read.
While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modulesimtcp,imptcp,imgssapi, andimhttpare used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Moduleimdiagis a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. (CVE-2022-24903)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:4795.
##
include('compat.inc');
if (description)
{
script_id(184554);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
script_cve_id("CVE-2022-24903");
script_xref(name:"RLSA", value:"2022:4795");
script_name(english:"Rocky Linux 9 : rsyslog (RLSA-2022:4795)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the
RLSA-2022:4795 advisory.
- Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap
buffer overflow when octet-counted framing is used. This can result in a segfault or some other
malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But
there may still be a slight chance for experts to do that. The bug occurs when the octet count is read.
While there is a check for the maximum number of octets, digits are written to a heap buffer even when the
octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence
of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote
exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing
modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`,
`imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to
directly expose them to the public. When this practice is followed, the risk is considerably lower. Module
`imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present
on any production installation. Octet-counted framing is not very common. Usually, it needs to be
specifically enabled at senders. If users do not need it, they can turn it off for the most important
modules. This will mitigate the vulnerability. (CVE-2022-24903)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:4795");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2081353");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24903");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/06");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-crypto");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-crypto-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-elasticsearch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-elasticsearch-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-gnutls");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-gnutls-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-gssapi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-gssapi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-kafka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-kafka-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-logrotate");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmaudit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmaudit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmfields");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmfields-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmjsonparse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmjsonparse-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmkubernetes");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmkubernetes-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmnormalize");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmnormalize-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmsnmptrapd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mmsnmptrapd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-omamqp1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-omamqp1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-pgsql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-relp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-relp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-snmp-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-udpspoof");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:rsyslog-udpspoof-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:9");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 9.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'rsyslog-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-crypto-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-crypto-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-crypto-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-crypto-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-debugsource-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-debugsource-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-debugsource-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-doc-8.2102.0-101.el9_0.1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-elasticsearch-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-elasticsearch-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-elasticsearch-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-elasticsearch-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gnutls-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gnutls-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gnutls-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gnutls-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gssapi-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gssapi-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gssapi-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-gssapi-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-kafka-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-kafka-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-kafka-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-kafka-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-logrotate-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-logrotate-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-logrotate-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmaudit-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmaudit-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmaudit-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmaudit-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmfields-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmfields-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmfields-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmfields-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmjsonparse-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmjsonparse-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmjsonparse-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmjsonparse-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmkubernetes-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmkubernetes-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmkubernetes-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmkubernetes-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmnormalize-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmnormalize-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmnormalize-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmnormalize-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmsnmptrapd-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mmsnmptrapd-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mysql-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mysql-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mysql-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-mysql-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-omamqp1-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-omamqp1-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-omamqp1-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-omamqp1-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-openssl-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-openssl-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-openssl-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-openssl-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-pgsql-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-pgsql-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-pgsql-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-pgsql-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-relp-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-relp-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-relp-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-relp-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-snmp-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-snmp-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-snmp-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-snmp-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-udpspoof-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-udpspoof-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-udpspoof-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rsyslog-udpspoof-debuginfo-8.2102.0-101.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rsyslog / rsyslog-crypto / rsyslog-crypto-debuginfo / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rocky | linux | rsyslog | p-cpe:/a:rocky:linux:rsyslog |
| rocky | linux | rsyslog-crypto | p-cpe:/a:rocky:linux:rsyslog-crypto |
| rocky | linux | rsyslog-crypto-debuginfo | p-cpe:/a:rocky:linux:rsyslog-crypto-debuginfo |
| rocky | linux | rsyslog-debuginfo | p-cpe:/a:rocky:linux:rsyslog-debuginfo |
| rocky | linux | rsyslog-debugsource | p-cpe:/a:rocky:linux:rsyslog-debugsource |
| rocky | linux | rsyslog-doc | p-cpe:/a:rocky:linux:rsyslog-doc |
| rocky | linux | rsyslog-elasticsearch | p-cpe:/a:rocky:linux:rsyslog-elasticsearch |
| rocky | linux | rsyslog-elasticsearch-debuginfo | p-cpe:/a:rocky:linux:rsyslog-elasticsearch-debuginfo |
| rocky | linux | rsyslog-gnutls | p-cpe:/a:rocky:linux:rsyslog-gnutls |
| rocky | linux | rsyslog-gnutls-debuginfo | p-cpe:/a:rocky:linux:rsyslog-gnutls-debuginfo |
Related
osv
osv
rsyslog - security update
2022-05-28 00:00:00
CVE-2022-24903
2022-05-06 00:15:07
rsyslog vulnerability
2022-05-24 16:21:20
openvas
openvas
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-2535)
2022-10-10 00:00:00
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-1979)
2022-07-08 00:00:00
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-2145)
2022-07-29 00:00:00
nessus
nessus
Oracle Linux 9 : rsyslog (ELSA-2022-4795)
2022-07-07 00:00:00
FreeBSD : rsyslog8 -- heap buffer overflow on receiving TCP syslog (b9837fa1-cd72-11ec-98f1-6805ca0b3d42)
2022-05-07 00:00:00
EulerOS Virtualization 2.9.0 : rsyslog (EulerOS-SA-2022-2400)
2022-09-24 00:00:00
oraclelinux
oraclelinux
rsyslog security update
2022-06-30 00:00:00
rsyslog security update
2022-05-31 00:00:00
rsyslog rsyslog7 security update
2022-09-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-24903 affecting package rsyslog for versions less than 8.2204.1-1
2022-06-03 17:54:05
CVE-2022-24903 affecting package rsyslog 8.37.0-6
2022-06-15 17:03:08
cloudlinux
cloudlinux
Fixed CVE-2022-24903 in rsyslog
2022-06-08 19:49:37
redhatcve
redhatcve
CVE-2022-24903
2022-05-05 13:36:34
cvelist
cvelist
redhat
redhat
(RHSA-2022:4808) Important: rsyslog and rsyslog7 security update
2022-05-31 07:57:01
(RHSA-2022:4795) Important: rsyslog security update
2022-05-30 07:22:28
(RHSA-2022:4800) Important: rsyslog security update
2022-05-30 07:24:19
fedora
fedora
[SECURITY] Fedora 36 Update: rsyslog-8.2204.0-1.fc36
2022-05-17 01:32:39
[SECURITY] Fedora 35 Update: rsyslog-8.2204.0-1.fc35
2022-05-17 01:56:45
prion
prion
Heap overflow
2022-05-06 00:15:00
almalinux
almalinux
Important: rsyslog security update
2022-05-30 07:24:07
cve
cve
CVE-2022-24903
2022-05-06 00:15:07
veracode
veracode
Buffer Overflow
2022-05-11 10:43:59
ubuntu
ubuntu
Rsyslog vulnerability
2022-05-24 00:00:00
Rsyslog vulnerability
2022-05-05 00:00:00
debiancve
debiancve
CVE-2022-24903
2022-05-06 00:15:07
nvd
nvd
CVE-2022-24903
2022-05-06 00:15:07
broadcom
broadcom
suse
suse
Security update for rsyslog (important)
2022-05-09 00:00:00
debian
debian
[SECURITY] [DSA 5150-1] rsyslog security update
2022-05-28 19:26:20
[SECURITY] [DLA 3016-1] rsyslog security update
2022-05-20 21:58:25
ubuntucve
ubuntucve
CVE-2022-24903
2022-05-05 00:00:00
rocky
rocky
rsyslog security update
2022-05-30 07:24:07
rsyslog security update
2022-05-30 07:22:28
freebsd
freebsd
rsyslog8 -- heap buffer overflow on receiving TCP syslog
2022-05-05 00:00:00
redos
redos
ROS-20240403-16
2024-04-03 00:00:00
mageia
mageia
Updated rsyslog packages fix security vulnerability
2022-05-08 10:58:48
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [ CVE-2022-24903]
2024-03-28 21:59:28
alpinelinux
alpinelinux
CVE-2022-24903
2022-05-06 00:15:07
rosalinux
rosalinux
Advisory ROSA-SA-2024-2381
2024-03-26 11:41:42
amazon
amazon
Important: rsyslog
2022-05-31 23:47:00
Important: rsyslog
2022-05-31 23:50:00
ics
ics
Siemens RUGGEDCOM ROX
2023-07-13 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.107 Low
EPSS
Percentile
95.1%
Related for ROCKY_LINUX_RLSA-2022-4795.NASL