Bug 1123164 - (CVE-2018-16881) VUL-0: CVE-2018-16881: rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled
(CVE-2018-16881)
VUL-0: CVE-2018-16881: rsyslog: imptcp: integer overflow when Octet-Counted T...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/223745/
CVSSv3:RedHat:CVE-2018-16881:5.3:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-01-25 12:10 UTC by Malte Kraus
Modified: 2019-04-04 08:40 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Malte Kraus 2019-01-25 12:10:05 UTC
rh#1658366

An issue was found in rsyslog. When imtcp module and Octet-Counted TCP Framing ("on" by default) are enabled, Rsyslog can be crashed remotely when sending an crafted (improperly formatted) message to "imptcp" listening socket.


Upstream Patch:
https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1658366
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16881
Comment 1 Malte Kraus 2019-01-25 12:20:02 UTC
Only SUSE:SLE-12-SP3:Update is affected by this issue.

It is already fixed in SUSE:SLE-15:Update (the fix is from April 2017, but was only now identified as fixing a security issue). Older code streams are not affected, because they don't contain the vulnerable code from commit 6c52f29d59 yet.
Comment 2 Thomas Blume 2019-01-25 16:10:29 UTC
(In reply to Malte Kraus from comment #1)
> Only SUSE:SLE-12-SP3:Update is affected by this issue.
> 
> It is already fixed in SUSE:SLE-15:Update (the fix is from April 2017, but
> was only now identified as fixing a security issue). Older code streams are
> not affected, because they don't contain the vulnerable code from commit
> 6c52f29d59 yet.

Patch submitted:

https://build.suse.de/request/show/182763

Thanks!
Comment 4 Swamp Workflow Management 2019-01-31 14:10:21 UTC
SUSE-SU-2019:0209-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1123164
CVE References: CVE-2018-16881
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    rsyslog-8.24.0-3.19.1
SUSE Linux Enterprise Server 12-SP3 (src):    rsyslog-8.24.0-3.19.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    rsyslog-8.24.0-3.19.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    rsyslog-8.24.0-3.19.1
SUSE CaaS Platform ALL (src):    rsyslog-8.24.0-3.19.1
SUSE CaaS Platform 3.0 (src):    rsyslog-8.24.0-3.19.1
Comment 5 Swamp Workflow Management 2019-02-08 17:19:30 UTC
openSUSE-SU-2019:0154-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1123164
CVE References: CVE-2018-16881
Sources used:
openSUSE Leap 42.3 (src):    rsyslog-8.24.0-2.10.1
Comment 6 Thomas Blume 2019-03-29 16:00:53 UTC
Ready for closure.
Reassigning to security team to wrap it up.
Comment 7 Malte Kraus 2019-04-04 08:40:44 UTC
released