CVE-2018-1000140 — CRITICAL (9.8)

Q: How severe is CVE-2018-1000140?

CVE-2018-1000140 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-1000140?

Check the references section above for vendor advisories and patch information. Affected products include: Rsyslog Librelp, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rsyslog	Librelp	<= 1.2.14
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	6.6
Redhat	Enterprise Linux Server Eus	6.7
Redhat	Enterprise Linux Server Tus	6.6
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-787

References

http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html
https://access.redhat.com/errata/RHSA-2018:1223Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1225Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1701Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1702Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1703Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1704Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1707Third Party Advisory
https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9ePatchThird Party Advisory
https://lgtm.com/rules/1505913226124/ExploitThird Party Advisory
https://security.gentoo.org/glsa/201804-21Third Party Advisory
https://usn.ubuntu.com/3612-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4151Third Party Advisory
http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html
https://access.redhat.com/errata/RHSA-2018:1223Third Party Advisory

FAQ

What is CVE-2018-1000140?

CVE-2018-1000140 is a vulnerability with a CVSS score of 9.8 (CRITICAL). rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be ...

How severe is CVE-2018-1000140?

CVE-2018-1000140 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1000140?

Check the references section above for vendor advisories and patch information. Affected products include: Rsyslog Librelp, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.