First published: Wed Apr 19 2017(Updated: )
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rsyslog | <0:8.24.0-38.el7 | 0:8.24.0-38.el7 |
redhat/rsyslog | <0:8.24.0-41.el7_7 | 0:8.24.0-41.el7_7 |
redhat/imgbased | <0:1.1.9-0.1.el7e | 0:1.1.9-0.1.el7e |
redhat/ovirt-node-ng | <0:4.3.5-0.20190717.0.el7e | 0:4.3.5-0.20190717.0.el7e |
redhat/redhat-release-virtualization-host | <0:4.3.5-2.el7e | 0:4.3.5-2.el7e |
redhat/redhat-virtualization-host | <0:4.3.5-20190722.0.el7_7 | 0:4.3.5-20190722.0.el7_7 |
redhat/rhvm-appliance | <0:4.3-20190722.0.el7 | 0:4.3-20190722.0.el7 |
redhat/rsyslog | <8.27.0 | 8.27.0 |
SUSE Rsyslog | <8.27.0 | |
Red Hat Enterprise Virtualization Manager | =4.3 | |
Red Hat Enterprise Linux Desktop | =7.0 | |
Red Hat Enterprise Linux for IBM Z Systems | =7.0 | |
Red Hat Enterprise Linux for Power, big endian | =7.0 | |
Red Hat Enterprise Linux for Power, little endian | =7.0 | |
Red Hat Enterprise Linux for Scientific Computing | =7.0 | |
Red Hat Enterprise Linux Server | =7.0 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
Red Hat Enterprise Virtualization | =4.0 | |
Red Hat Virtualization Host EUS | =4.0 | |
Red Hat Enterprise Linux | =7.0 | |
Debian Linux | =9.0 |
This vulnerability requires the "imptcp" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2018-16881 is classified as a denial of service vulnerability, which can cause the rsyslog service to crash.
To fix CVE-2018-16881, upgrade rsyslog to version 8.27.0 or later.
Versions prior to 8.27.0 of rsyslog are affected by CVE-2018-16881.
An attacker can potentially crash the rsyslog service by sending specially crafted messages to the imptcp socket.
Yes, CVE-2018-16881 can be exploited remotely by sending malicious data to the vulnerable rsyslog service.