CVE-2018-16881: Integer Overflow
First published: Wed Apr 19 2017(Updated: )
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rsyslog | <0:8.24.0-38.el7 | 0:8.24.0-38.el7 |
| redhat/rsyslog | <0:8.24.0-41.el7_7 | 0:8.24.0-41.el7_7 |
| redhat/imgbased | <0:1.1.9-0.1.el7e | 0:1.1.9-0.1.el7e |
| redhat/ovirt-node-ng | <0:4.3.5-0.20190717.0.el7e | 0:4.3.5-0.20190717.0.el7e |
| redhat/redhat-release-virtualization-host | <0:4.3.5-2.el7e | 0:4.3.5-2.el7e |
| redhat/redhat-virtualization-host | <0:4.3.5-20190722.0.el7_7 | 0:4.3.5-20190722.0.el7_7 |
| redhat/rhvm-appliance | <0:4.3-20190722.0.el7 | 0:4.3-20190722.0.el7 |
| redhat/rsyslog | <8.27.0 | 8.27.0 |
| SUSE Rsyslog | <8.27.0 | |
| Red Hat Enterprise Virtualization Manager | =4.3 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux for IBM Z Systems | =7.0 | |
| Red Hat Enterprise Linux for Power, big endian | =7.0 | |
| Red Hat Enterprise Linux for Power, little endian | =7.0 | |
| Red Hat Enterprise Linux for Scientific Computing | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Debian Linux | =9.0 |
Remedy
This vulnerability requires the "imptcp" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2018-16881 https://nvd.nist.gov/vuln/detail/CVE-2018-16881
- https://bugzilla.redhat.com/show_bug.cgi?id=1658366
- https://access.redhat.com/errata/RHSA-2019:2110
- https://access.redhat.com/errata/RHBA-2019:2501
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHSA-2019:2439
- https://access.redhat.com/security/cve/cve-2018-16881
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881
- https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
- https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1658366#c12
- https://www.myexamcollection.com/312-50v12-vce-questions.htm
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1658366#c17
- https://slopeplay.io
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2018-16881?
CVE-2018-16881 is classified as a denial of service vulnerability, which can cause the rsyslog service to crash.
How do I fix CVE-2018-16881?
To fix CVE-2018-16881, upgrade rsyslog to version 8.27.0 or later.
Which versions of rsyslog are affected by CVE-2018-16881?
Versions prior to 8.27.0 of rsyslog are affected by CVE-2018-16881.
What can an attacker do with CVE-2018-16881?
An attacker can potentially crash the rsyslog service by sending specially crafted messages to the imptcp socket.
Is CVE-2018-16881 a remote vulnerability?
Yes, CVE-2018-16881 can be exploited remotely by sending malicious data to the vulnerable rsyslog service.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-16881
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/rsyslog
- canonical/suse rsyslog
- vendor/redhat
- canonical/red hat enterprise virtualization manager
- version/red hat enterprise virtualization manager/4.3
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/7.0
- canonical/red hat enterprise linux for power, big endian
- version/red hat enterprise linux for power, big endian/7.0
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/7.0
- canonical/red hat enterprise linux for scientific computing
- version/red hat enterprise linux for scientific computing/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- vendor/debian
- canonical/debian linux
- version/debian linux/9.0