SNS Vulnerability

RSyslog Syslog Message Handling SQL Injection Vulnerability

Description

A vulnerability was identified in RSyslog, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error when processing a specially crafted syslog message, which may be exploited by malicious users to conduct SQL injection attacks. No further details have been disclosed.

Vulnerable Products

Vulnerable Software:
RSyslog versions prior to 1.0.1 (stable)RSyslog versions prior to 1.10.1 (development)

Solution

Upgrade to RSyslog version 1.0.1 (stable) : http://www.rsyslog.com/Downloads-index-req-getit-lid-17.phtmlOr RSyslog version 11.10.1 (development) : http://www.rsyslog.com/Downloads-index-req-getit-lid-18.phtml

CVE

References

http://www.rsyslog.com/Article35.phtml

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - POST : possible version probing in data	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data	3.2.0
SQL injection Prevention - POST : suspicious OR statement in data	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2005-09-26

Target Type

Server

Possible exploit

Local & Remote