Red Hat Bugzilla – Bug 1279514
rsyslog: Server does not clean TLS contexts on connection loss
Last modified: 2016-08-15 11:00:26 EDT
If the TCP connections breaks without proper indication, the server side does not seem to clean some context or state. This results in the connection not being re-established after the network comes back, which breaks logging on the client because the log buffers run over and Syslog is designed to block in that case. Attacker who is able to break the TLS connection over the untrusted network, can cause DoS on the server for rsyslog service.
Created rsyslog tracking bugs for this issue:
Affects: fedora-all [bug 1279515]
Original bug report:
This issue occurs when the remote receiver does not complete TCP handshake, acking the CLIENT HELLO but not sending SERVER HELLO back. Socket appears to be established, but in fact it waits for the handshake to complete, blocking all the other logging while queuing for the remote connection.
The problem is resolved by having a queue for the forwarding action, allowing to get the network part asynchronous.
*.* @@<server>:10514 # forward everything to remote server
All versions of rsyslog shipped support queuing. Therefore I am closing this flaw NOTABUG.