Amazon Linux Local Check: ALAS-2012-105

Published: 2015-09-08 11:21:59
CVE Author: NIST National Vulnerability Database

Technical Details:
A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default. (CVE-2011-4623 )

Recommendations:
Run yum update rsyslog to update your system.

Solution Type:
Vendor Patch

CVSS Base Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Detection Type:
Linux Distribution Package

Summary:
Amazon Linux Local Security Checks

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2011-4623

CVE Analysis

https://www.mageni.net/cve/CVE-2011-4623

References:

https://alas.aws.amazon.com/ALAS-2012-105.html

Severity
Low
CVSS Score
2.1
Published
2015-09-08
Modified
2018-10-01
Category
Amazon Linux Local Security Checks

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.