SSL: Red Hat librelp Stack Buffer Overflow

This signature detects attempts to exploit a stack-based buffer overflow in Red Hat librelp. A remote attacker could exploit this vulnerability by sending crafted Reliable Event Logging Protocol (RELP) messages. Successful exploitation may result in remote code execution under the security context of the target application.

Extended Description

rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

Affected Products

Rsyslog librelp

References

CVE: CVE-2018-1000140

Short Name
SSL:OVERFLOW:LIBRELP-OVERFLOW-1
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
Buffer CVE-2018-1000140 Hat Overflow Red Stack librelp
Release Date
06/26/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
Port
TCP/10514,20514
False Positive
Unknown
Vendors

Rsyslog

Debian

Redhat

Canonical

CVSS Score

7.5
