A double free flaw was found in the way the ElasticSearch plugin of rsyslog handled JSON response from ElasticSearch. If the "errorfile" parameter is explicitely set for local logging and a an attacker can manipulate the JSON response from ElasticSearch, the attacker could cause rsyslog to crash or, possibly, execute arbitrary code with the privileges of rsyslog. References: [1] http://www.lsexperts.de/advisories/lse-2013-07-03.txt Upstream bug report: [2] http://bugzilla.adiscon.com/show_bug.cgi?id=461
Upstream patch: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4
The version of rsyslog shipped with Red Hat Enterprise Linux 5 and 6, does not contain the vulnerable omelasticsearch plugin and therefore is not vulnerable to this flaw. The version of rsyslog shipped with Fedora 18 and Fedora 19, does not contain the vulnerable omelasticsearch plugin and therefore is not vulnerable to this flaw.
Statement: Not Vulnerable. This issue does not affect the version of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6.