Bug 981719 - (CVE-2013-4758) CVE-2013-4758 rsyslog: double free flaw in ElasticSearch plugin
CVE-2013-4758 rsyslog: double free flaw in ElasticSearch plugin
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130705,repor...
: Security
Depends On:
Blocks: 981722
  Show dependency treegraph
 
Reported: 2013-07-05 11:10 EDT by Stefan Cornelius
Modified: 2013-07-07 23:47 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-07 23:47:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Stefan Cornelius 2013-07-05 11:10:34 EDT
A double free flaw was found in the way the ElasticSearch plugin of rsyslog handled JSON response from ElasticSearch. If the "errorfile" parameter is explicitely set for local logging and a an attacker can manipulate the JSON response from ElasticSearch, the attacker could cause rsyslog to crash or, possibly, execute arbitrary code with the privileges of rsyslog.

References:
[1] http://www.lsexperts.de/advisories/lse-2013-07-03.txt

Upstream bug report:
[2] http://bugzilla.adiscon.com/show_bug.cgi?id=461
Comment 2 Huzaifa S. Sidhpurwala 2013-07-07 23:44:11 EDT
The version of rsyslog shipped with Red Hat Enterprise Linux 5 and 6, does not contain the vulnerable omelasticsearch plugin and therefore is not vulnerable to this flaw.

The version of rsyslog shipped with Fedora 18 and Fedora 19, does not contain the vulnerable omelasticsearch plugin and therefore is not vulnerable to this flaw.
Comment 3 Huzaifa S. Sidhpurwala 2013-07-07 23:44:56 EDT
Statement:

Not Vulnerable. This issue does not affect the version of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.