CVE-2015-3243 - Information Exposure Through Log Files vulnerability in Rsyslog

047910
CVSS 5.5 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: local, low complexity, rsyslog, CWE-532, nessus

Summary

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

Vulnerable Configurations

Part         Description  Count
Application  Rsyslog      1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fuzzing and observing application log data/errors for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages, but by attempting a large number of message variants they may find a variant that triggers the desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-11039.NASL
    description: Besides other changes, this update mitigates this vulnerability: https://access.redhat.com/security/cve/CVE-2015-3243 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-07-16
    plugin id: 84777
    published: 2015-07-16
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84777
    title: Fedora 22 : rsyslog-8.8.0-3.fc22 (2015-11039)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-11039.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84777);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_xref(name:"FEDORA", value:"2015-11039");
    
      script_name(english:"Fedora 22 : rsyslog-8.8.0-3.fc22 (2015-11039)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Besides other changes, this update mitigates this vulnerability:
    https://access.redhat.com/security/cve/CVE-2015-3243
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://access.redhat.com/security/cve/CVE-2015-3243
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1224538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1224972"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161996.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cce968c0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rsyslog package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rsyslog");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"rsyslog-8.8.0-3.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsyslog");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-789.NASL
    description: This update for rsyslog fixes the following issues : The following security vulnerability was addressed : CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen: 2020-06-05
    modified: 2018-08-02
    plugin id: 111502
    published: 2018-08-02
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111502
    title: openSUSE Security Update : rsyslog (openSUSE-2018-789)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-789.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111502);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-3243");
    
      script_name(english:"openSUSE Security Update : rsyslog (openSUSE-2018-789)");
      script_summary(english:"Check for the openSUSE-2018-789 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for rsyslog fixes the following issues :
    
    The following security vulnerability was addressed :
    
    CVE-2015-3243: Make sure that log files are not created world-readable
    (bsc#935393)
    
    This update was imported from the SUSE:SLE-12-SP3:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=935393"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rsyslog packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-diag-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-diag-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-dbi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-dbi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gtls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gtls-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-guardtime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-guardtime-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-relp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-relp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-debugsource-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-diag-tools-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-diag-tools-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-dbi-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-dbi-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-elasticsearch-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-elasticsearch-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-gcrypt-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-gcrypt-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-gssapi-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-gssapi-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-gtls-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-gtls-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-guardtime-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-guardtime-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-mmnormalize-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-mmnormalize-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-mysql-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-mysql-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-omamqp1-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-omamqp1-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-omhttpfs-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-omhttpfs-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-omtcl-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-omtcl-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-pgsql-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-pgsql-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-relp-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-relp-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-snmp-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-snmp-debuginfo-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-udpspoof-8.24.0-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"rsyslog-module-udpspoof-debuginfo-8.24.0-2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsyslog / rsyslog-debuginfo / rsyslog-debugsource / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-523.NASL
    description: This update for rsyslog fixes the following security issue : - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123221
    published: 2019-03-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123221
    title: openSUSE Security Update : rsyslog (openSUSE-2019-523)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-523.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123221);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2015-3243");
    
      script_name(english:"openSUSE Security Update : rsyslog (openSUSE-2019-523)");
      script_summary(english:"Check for the openSUSE-2019-523 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for rsyslog fixes the following security issue :
    
      - CVE-2015-3243: Prevent weak permissions for generated
        log files, which allowed local users to obtain sensitive
        information (bsc#935393).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=935393"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rsyslog packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-diag-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-diag-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-dbi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-dbi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-elasticsearch-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gcrypt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gssapi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gtls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-gtls-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mmnormalize-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omamqp1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omhttpfs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-omtcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-relp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-relp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsyslog-module-udpspoof-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-debugsource-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-diag-tools-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-diag-tools-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-dbi-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-dbi-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-elasticsearch-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-elasticsearch-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-gcrypt-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-gcrypt-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-gssapi-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-gssapi-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-gtls-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-gtls-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-mmnormalize-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-mmnormalize-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-mysql-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-mysql-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-omamqp1-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-omamqp1-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-omhttpfs-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-omhttpfs-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-omtcl-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-omtcl-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-pgsql-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-pgsql-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-relp-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-relp-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-snmp-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-snmp-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-udpspoof-8.33.1-lp150.2.3.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"rsyslog-module-udpspoof-debuginfo-8.33.1-lp150.2.3.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsyslog / rsyslog-debuginfo / rsyslog-debugsource / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1937-2.NASL
    description: This update for rsyslog fixes the following security issue : - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-21
    modified: 2019-01-02
    plugin id: 120044
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120044
    title: SUSE SLED15 / SLES15 Security Update : rsyslog (SUSE-SU-2018:1937-2)

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-738.NASL
    description: This update for rsyslog fixes the following security issue : - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-05
    modified: 2018-07-20
    plugin id: 111195
    published: 2018-07-20
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111195
    title: openSUSE Security Update : rsyslog (openSUSE-2018-738)

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1937-1.NASL
    description: This update for rsyslog fixes the following security issue : - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-21
    modified: 2019-01-02
    plugin id: 120043
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120043
    title: SUSE SLED15 / SLES15 Security Update : rsyslog (SUSE-SU-2018:1937-1)

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-2038-1.NASL
    description: This update for rsyslog fixes the following issues: The following security vulnerability was addressed : - CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 111262
    published: 2018-07-24
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111262
    title: SUSE SLED12 / SLES12 Security Update : rsyslog (SUSE-SU-2018:2038-1)