Ubuntu.comUB:CVE-2014-3634CVE-2014-3634
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.228 Low
EPSS
Percentile
96.5%
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier
allows remote attackers to cause a denial of service (crash), possibly
execute arbitrary code, or have other unspecified impact via a crafted
priority (PRI) value that triggers an out-of-bounds array access.
Notes
| Author | Note |
|---|---|
| mdeslaur | also see followup issue CVE-2014-3683 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | rsyslog | < 4.2.0-2ubuntu8.3 | UNKNOWN |
| ubuntu | 12.04 | noarch | rsyslog | < 5.8.6-1ubuntu8.9 | UNKNOWN |
| ubuntu | 14.04 | noarch | rsyslog | < 7.4.4-1ubuntu2.3 | UNKNOWN |
| ubuntu | 14.10 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
| ubuntu | 15.04 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
| ubuntu | 15.10 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
| ubuntu | 16.04 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
| ubuntu | 16.10 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
| ubuntu | 17.04 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
References
seclists.org/oss-sec/2014/q3/863
www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
www.rsyslog.com/remote-syslog-pri-vulnerability/
launchpad.net/bugs/cve/CVE-2014-3634
nvd.nist.gov/vuln/detail/CVE-2014-3634
security-tracker.debian.org/tracker/CVE-2014-3634
ubuntu.com/security/notices/USN-2381-1
www.cve.org/CVERecord?id=CVE-2014-3634
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.228 Low
EPSS
Percentile
96.5%