Bug 1560084 - (CVE-2018-1000140) CVE-2018-1000140 librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Platform: All
OS: Linux
Priority: urgent
Severity: urgent
Assigned To: Red Hat Product Security
Whiteboard: impact=critical,public=20180323,repor...
Keywords: Security
Depends On: 1560086 1560085 1561229 1561230 1561231 1561232 1570814 1570815 1570816 1570817 1570818 1570819 1570820
Blocks: 1560087
Reported: 2018-03-23 16:50 EDT by Pedro Sampaio
Modified: 2018-08-31 17:54 EDT (History)

Fixed In Version: librelp 1.2.15
Doc Text:
A stack-based buffer overflow was found in the way librelp parses X.509 certificates. By connecting or accepting connections from a remote peer, an attacker may use a specially crafted X.509 certificate to exploit this flaw and potentially execute arbitrary code.

External Trackers
Tracker                  ID              Last Updated
Red Hat Product Errata   RHSA-2018:1223  2018-04-24 14:32 EDT
Red Hat Product Errata   RHSA-2018:1225  2018-04-24 14:35 EDT
Red Hat Product Errata   RHSA-2018:1701  2018-05-23 11:48 EDT
Red Hat Product Errata   RHSA-2018:1702  2018-05-23 11:54 EDT
Red Hat Product Errata   RHSA-2018:1703  2018-05-23 11:55 EDT
Red Hat Product Errata   RHSA-2018:1704  2018-05-23 11:53 EDT
Red Hat Product Errata   RHSA-2018:1707  2018-05-23 11:57 EDT

Description Pedro Sampaio 2018-03-23 16:50:02 EDT
librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of X.509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted X.509 certificate.

Upstream patch:

https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf

References:

https://lgtm.com/rules/1505913226124/
https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205
Comment 1 Pedro Sampaio 2018-03-23 16:50:34 EDT
Created librelp tracking bugs for this issue:

Affects: fedora-all [bug 1560085]
Comment 4 Tomas Hoger 2018-04-04 14:41:35 EDT
External References:

https://www.rsyslog.com/cve-2018-1000140/
Comment 8 Pedro Yóssis Silva Barbosa 2018-04-24 10:49:43 EDT
Mitigation:

Users are strongly advised not to expose their logging RELP services to a public network.
Comment 11 Pedro Yóssis Silva Barbosa 2018-04-24 11:45:14 EDT
Acknowledgments:

Name: Rainer Gerhards (rsyslog)
Upstream: Bas van Schaik (lgtm.com / Semmle), Kevin Backhouse (lgtm.com / Semmle)
Comment 12 errata-xmlrpc 2018-04-24 14:31:58 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:1223 https://access.redhat.com/errata/RHSA-2018:1223
Comment 13 errata-xmlrpc 2018-04-24 14:35:25 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:1225 https://access.redhat.com/errata/RHSA-2018:1225
Comment 19 errata-xmlrpc 2018-05-23 11:48:43 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:1701 https://access.redhat.com/errata/RHSA-2018:1701
Comment 20 errata-xmlrpc 2018-05-23 11:53:36 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2018:1704 https://access.redhat.com/errata/RHSA-2018:1704
Comment 21 errata-xmlrpc 2018-05-23 11:54:34 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:1702 https://access.redhat.com/errata/RHSA-2018:1702
Comment 22 errata-xmlrpc 2018-05-23 11:55:37 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:1703 https://access.redhat.com/errata/RHSA-2018:1703
Comment 23 errata-xmlrpc 2018-05-23 11:57:25 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support

Via RHSA-2018:1707 https://access.redhat.com/errata/RHSA-2018:1707