Vulnerability Details: CVE-2011-3200
Public exploit exists!
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2011-3200
- cpe:2.3:a:rsyslog:rsyslog:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:5.8.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3200
- EPSS score: 31.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2011-3200
- rsyslog Long Tag Off-By-Two DoS
  Disclosure Date: 2011-09-01
  First seen: 2020-04-26
  Module: auxiliary/dos/syslog/rsyslog_long_tag
  This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to yield code execution but is effective at shutting down a remote log daemon. This bug was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5. Compiler differenc
CVSS scores for CVE-2011-3200
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2011-3200
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3200
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065837.html
  [SECURITY] Fedora 16 Update: rsyslog-5.8.5-1.fc16
- http://www.securityfocus.com/bid/49413
  RSyslog 'parseLegacySyslogMsg()' Function Buffer Overflow Vulnerability
- http://securitytracker.com/id?1026000
  rsyslog TAG Buffer Overflow Lets Remote or Local Users Deny Service - SecurityTracker
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:134
  mandriva.com
- http://www.rsyslog.com/potential-dos-with-malformed-tag/
  Potential DoS with malformed TAG - rsyslog [Patch; Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2011-1247.html
  Support
- https://bugzilla.redhat.com/show_bug.cgi?id=727644
  727644 – (CVE-2011-3200) CVE-2011-3200 rsyslog: parseLegacySyslogMsg off-by-two buffer overflow [Patch]
- http://git.adiscon.com/?p=rsyslog.git;a=commit;h=1ca6cc236d1dabf1633238b873fb1c057e52f95e
  [Patch]
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065941.html
  [SECURITY] Fedora 14 Update: rsyslog-4.6.3-3.fc14
- http://lists.opensuse.org/opensuse-updates/2011-09/msg00013.html
  openSUSE-SU-2011:1020-1: moderate: rsyslog