Buffer overflow in rsyslog (Alpine package)



Published: 2019-10-20
Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-17042
CWE-ID: CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
rsyslog (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU22771

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17042

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in "contrib/pmcisconames/pmcisconames.c" due to a boundary error in the parser for Cisco log messages. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.
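
An exposure check to run alongside the update, added here as an example and not part of the original bulletin: the affected file is the pmcisconames parser module, so the function below lists the rsyslog configuration lines that load it. The function name and the default paths `/etc/rsyslog.conf` and `/etc/rsyslog.d` are assumptions.

```shell
#!/bin/sh
# Added example (not from the bulletin): find rsyslog configuration lines
# that load the pmcisconames parser module named in the description.
#
# find_pmcisconames [PATH...]
#   PATH may be a file or a directory (searched recursively).
#   Assumed defaults: /etc/rsyslog.conf and /etc/rsyslog.d
#   Prints "file:line:text" for each non-comment line that loads the module,
#   in the RainerScript form   module(load="pmcisconames")
#   or the legacy form         $ModLoad pmcisconames
#   Returns 0 if at least one load statement was found, 1 otherwise.
#   Limitation: a module(...) statement split over several lines is not matched.
find_pmcisconames() {
    [ "$#" -gt 0 ] || set -- /etc/rsyslog.conf /etc/rsyslog.d
    found=1
    for path in "$@"; do
        [ -e "$path" ] || continue
        # The pattern is anchored at line start, so lines beginning with '#'
        # (comments) never match. "|| true" keeps the function usable under
        # "set -e" when grep finds nothing.
        hits=$(find "$path" -type f -exec grep -HnEi \
            '^[[:space:]]*(module[[:space:]]*\([^#]*load[[:space:]]*=[[:space:]]*"pmcisconames"|\$ModLoad[[:space:]]+pmcisconames)' \
            {} + 2>/dev/null || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=0
        fi
    done
    return "$found"
}
```

Call `find_pmcisconames` with no arguments to scan the default paths; no output and a non-zero return mean no load statement was found in the files scanned.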

Vulnerable software versions

rsyslog (Alpine package): 8.31.0-r0

External links

http://git.alpinelinux.org/aports/commit/?id=fcb7841366f861335c201a73adc3e201d709fbb2
http://git.alpinelinux.org/aports/commit/?id=0a0e63bb3836aa43c24b2985a921882852992977
http://git.alpinelinux.org/aports/commit/?id=fb0705945971ff53797273dd8c262991529048a3
http://git.alpinelinux.org/aports/commit/?id=44d4603afebae99966171e69bddc5dcfd2be3bf9
http://git.alpinelinux.org/aports/commit/?id=7544d63c6aab6c75c1675f3eab478f28d6278f69
http://git.alpinelinux.org/aports/commit/?id=8a52368e6a35515b79c35269568b95fdcf606b4f
http://git.alpinelinux.org/aports/commit/?id=ba93705f698eb64a2519ba1380f83d9238db90e2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


