Logstash vulnerability CVE-2015-5378
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Logstash vulnerability CVE-2015-5378
- From: Kevin Kluge <kevin@xxxxxxxxxx>
- Date: Tue, 21 Jul 2015 23:50:16 +0200
Summary:
Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS security issue
known as the FREAK attack. If you are using the Lumberjack input, FREAK allows an
attacker to mount a man-in-the-middle attack, intercepting the
communication between the Logstash Forwarder agent and the Logstash server.
Note: Only deployments using the Logstash Forwarder or the Lumberjack input are
affected by this vulnerability.
Fixed versions:
Versions 1.5.3 and 1.4.4 have been patched with a fix that addresses this
vulnerability.
Remediation:
Users who currently use Logstash Forwarder together with the Lumberjack
input in Logstash, or who may want to use it in the future, should upgrade to
1.5.3 or 1.4.4.
Users that do not want to upgrade can address the vulnerability by disabling
the Lumberjack input. Please note that you will not be able to use Logstash
Forwarder after the Lumberjack input is disabled.
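As an added example (not code from Elastic or this advisory), the script below applies the two conditions the advisory states: a host is flagged only when its Logstash release predates the fixed version on its own branch and an active Lumberjack input is still configured. The version string format and the Logstash config syntax it parses are assumptions.

```python
"""Audit a Logstash host for CVE-2015-5378 exposure.
Added example, not code from Elastic or the advisory. Assumes versions are
"major.minor.patch" strings and that the Lumberjack input is configured in the
usual Logstash syntax: a `lumberjack { ... }` block inside `input { ... }`."""
import re

# Patch levels of the fixed releases named in the advisory, per 1.x branch.
FIXED_PATCH = {(1, 4): 4, (1, 5): 3}

# Constructed sample config: one live Lumberjack input, one commented out.
SAMPLE_CONFIG = """
input {
  lumberjack { port => 5043 ssl_certificate => "/c.crt" ssl_key => "/c.key" }
  # lumberjack { port => 5044 }
  tcp { port => 5000 }
}
filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}" } } }
"""

def version_vulnerable(version):
    """True when the release predates the fix on its own branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)   # suffixes like -rc1 ignored
    if not m:
        raise ValueError("unrecognised Logstash version: %r" % version)
    major, minor, patch = (int(p) for p in m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is not None:          # 1.4.x or 1.5.x: compare the patch level
        return patch < fixed
    # "1.5.2 and prior" are vulnerable and older branches got no fix; anything
    # newer than the 1.5 branch is assumed (not stated) to carry the fix.
    return (major, minor) < (1, 5)

def lumberjack_inputs(config_text):
    """Ports of each active `lumberjack {}` block under `input`. Comments are
    stripped first; braces inside quoted strings are not handled (assumed absent)."""
    text = "\n".join(ln.split("#", 1)[0] for ln in config_text.splitlines())
    stack, ports = [], []          # stack of (block name, body start offset)
    for tok in re.finditer(r"(\w+)\s*\{|\{|\}", text):
        if tok.group(0) != "}":
            stack.append((tok.group(1) or "", tok.end()))
        elif stack:
            name, start = stack.pop()
            if name == "lumberjack" and any(n == "input" for n, _ in stack):
                port = re.search(r"port\s*=>\s*(\d+)", text[start:tok.start()])
                ports.append(int(port.group(1)) if port else None)
    return ports

def exposed(version, config_text):
    """Only an unpatched release with an active Lumberjack input is affected."""
    return version_vulnerable(version) and bool(lumberjack_inputs(config_text))
```

Note that a plain "version < 1.5.3" comparison would wrongly flag 1.4.4 as unpatched; the per-branch table avoids that.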
Credit:
Accenture Security Team discovered this issue. Paul Kloves from Accenture has
been coordinating with us.
CVSS:
Overall CVSS Score: 4.3