CVE-2015-3243 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
rsyslog	rsyslog	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rsyslog

bookworm	unimportant
bullseye	unimportant
bullseye (security)	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

rsyslog

precise	not-affected
trusty	not-affected
utopic	not-affected
vivid	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

rsyslog

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed

rsyslog-diag-tools

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed

rsyslog-doc

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed

rsyslog-module-gssapi

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15	8.33.1-3.3.1 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-gtls

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-mmnormalize

suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-mysql

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15	8.33.1-3.3.1 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-pgsql

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15	8.33.1-3.3.1 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-relp

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15	8.33.1-3.3.1 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-snmp

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15	8.33.1-3.3.1 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

rsyslog-module-udpspoof

suse enterprise sap 12 SP3	8.24.0-3.3.1 fixed
suse enterprise sap 12 SP5	8.24.0-3.28.2 fixed
suse enterprise sap 15	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP1	8.33.1-3.3.1 fixed
suse enterprise sap 15 SP2	8.39.0-2.90 fixed
suse enterprise sap 15 SP3	8.39.0-4.10.1 fixed
suse enterprise sap 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise sap 15 SP7	8.2406.0-150700.1.6 fixed
suse enterprise server 12 SP3	8.24.0-3.7.1 fixed
suse enterprise server 12 SP5	8.24.0-3.28.2 fixed
suse enterprise server 15	8.33.1-3.3.1 fixed
suse enterprise server 15 SP1	8.33.1-3.3.1 fixed
suse enterprise server 15 SP2	8.39.0-2.90 fixed
suse enterprise server 15 SP3	8.39.0-4.10.1 fixed
suse enterprise server 15 SP4	8.2106.0-150400.3.1 fixed
suse enterprise server 15 SP7	8.2406.0-150700.1.6 fixed

Common Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

http://www.openwall.com/lists/oss-security/2015/06/18/12

http://www.openwall.com/lists/oss-security/2015/06/20/3

http://www.securityfocus.com/bid/75298

http://www.securitytracker.com/id/1032885

https://bugzilla.redhat.com/show_bug.cgi?id=1232826

http://www.openwall.com/lists/oss-security/2015/06/18/12

http://www.openwall.com/lists/oss-security/2015/06/20/3

http://www.securityfocus.com/bid/75298

http://www.securitytracker.com/id/1032885

https://bugzilla.redhat.com/show_bug.cgi?id=1232826