RHEL 2.1 : logwatch (RHSA-2005:364)

medium Nessus Plugin ID 18094

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated logwatch package that fixes a denial of service issue is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

LogWatch is a customizable log analysis system. LogWatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.

A bug was found in the logwatch secure script. If an attacker is able to inject an arbitrary string into the /var/log/secure file, it is possible to prevent logwatch from detecting malicious activity. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1061 to this issue.

All users of logwatch are advised to upgrade to this updated package, which contain backported fixes for this issue.

Solution

Update the affected logwatch package.

See Also

https://access.redhat.com/security/cve/cve-2005-1061

https://access.redhat.com/errata/RHSA-2005:364

Plugin Details

Severity: Medium

ID: 18094

File Name: redhat-RHSA-2005-364.nasl

Version: 1.26

Type: local

Agent: unix

Published: 4/19/2005

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:logwatch, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 4/19/2005

Vulnerability Publication Date: 5/2/2005

Reference Information

CVE: CVE-2005-1061

RHSA: 2005:364