Your submission was sent successfully! Close

CVE-2013-4758

Published: 4 October 2013

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

Notes

AuthorNote
mdeslaur
our versions don't contain the affected plugin
Priority

Medium

Status

Package Release Status
rsyslog
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise Not vulnerable
(code not present)
quantal Not vulnerable
(code not present)
raring Not vulnerable
(code not present)
saucy Not vulnerable
(code not present)
upstream Needs triage

Patches:
upstream: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4