Bugtraq mailing list archives

CVE-2015-5378


From: Suyog Rao <suyog () elastic co>
Date: Thu, 5 Nov 2015 22:11:00 -0800

Summary:

Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS issue known as the FREAK attack (Factoring RSA Export Keys). 
If you are using the Lumberjack input, FREAK allows a man-in-the-middle attacker to downgrade the TLS handshake to 
export-grade RSA cipher suites, whose 512-bit keys can be factored, and then intercept communication between the 
Logstash Forwarder agent and the Logstash server. 

Note: Only deployments using the Logstash Forwarder or the Lumberjack input are affected by this vulnerability.

Fixed versions:

Versions 1.5.3 and 1.4.4 have been patched with a fix that addresses this vulnerability.

Remediation:
Users that currently use Logstash Forwarder in combination with the Lumberjack input in Logstash, or may want to use it in 
the future, should upgrade to 1.5.3 or 1.4.4.  

Users that do not want to upgrade can address the vulnerability by disabling the Lumberjack input. Please note that you 
will not be able to use Logstash Forwarder after the Lumberjack input is disabled. 

Credit:
Accenture Security Team discovered this issue. Paul Kloves from Accenture has been coordinating with us. 

CVSS:
Overall CVSS score: 4.3
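A way to verify the remediation above against a running listener, as an added example that is not part of this advisory and not Elastic's code: the script below hand-builds a TLS ClientHello that offers nothing but the TLS_RSA_EXPORT_* cipher suites FREAK downgrades to, sends it to the Lumberjack port, and classifies the first record that comes back. An unpatched listener answers with a ServerHello selecting one of those suites; a listener that no longer offers them answers with a handshake_failure alert. The host name logstash.example and port 5043 are placeholders (5043 is only the port commonly used in Lumberjack examples; use whatever `port` your lumberjack input sets), and the two sample replies at the bottom are constructed so the classifier can be exercised offline.

```python
"""Probe a TLS listener (e.g. the Lumberjack input) for the export-grade RSA suites FREAK needs.

Added example, not Elastic's code. Sends a ClientHello offering only TLS_RSA_EXPORT_* suites
and classifies the first record the server returns.
"""
import os
import socket
import struct

# RSA export suites from RFC 2246 A.5: these carry the factorable 512-bit RSA keys FREAK targets.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, ALERT = 0x16, 0x15            # TLS record content types
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02  # handshake message types


def tls_record(content_type, payload):
    """Wrap a payload in a TLS record; 0x0301 in the record header is the usual compatibility value."""
    return struct.pack(">BHH", content_type, 0x0301, len(payload)) + payload


def handshake_msg(msg_type, body):
    """Handshake header: one type byte and a 24-bit length."""
    return bytes([msg_type]) + struct.pack(">I", len(body))[1:] + body


def build_client_hello(server_name=None):
    """ClientHello that offers nothing but RSA export suites, so a correct server must refuse it."""
    body = struct.pack(">H", 0x0303)                   # client_version: TLS 1.2
    body += os.urandom(32)                             # client random
    body += b"\x00"                                    # empty session_id
    suites = b"".join(struct.pack(">H", s) for s in sorted(RSA_EXPORT_SUITES))
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                                # compression methods: null only
    if server_name:                                    # optional SNI extension (type 0)
        host = server_name.encode()
        sni = struct.pack(">HBH", len(host) + 3, 0, len(host)) + host
        ext = struct.pack(">HH", 0, len(sni)) + sni
        body += struct.pack(">H", len(ext)) + ext
    return tls_record(HANDSHAKE, handshake_msg(CLIENT_HELLO, body))


def classify_response(data):
    """Classify the server's first record: 'vulnerable', 'refused' or 'unknown', plus a detail string."""
    if len(data) < 7:
        return "unknown", "short or empty response"
    if data[0] == ALERT:
        return "refused", "alert level=%d description=%d (40 = handshake_failure)" % (data[5], data[6])
    if data[0] == HANDSHAKE and data[5] == SERVER_HELLO and len(data) >= 46:
        # ServerHello body starts at offset 9: version(2) random(32) session_id_len(1) session_id ...
        sid_len = data[43]
        pos = 44 + sid_len
        if len(data) < pos + 2:
            return "unknown", "truncated ServerHello"
        suite = struct.unpack(">H", data[pos:pos + 2])[0]
        if suite in RSA_EXPORT_SUITES:
            return "vulnerable", "server selected " + RSA_EXPORT_SUITES[suite]
        return "unknown", "server selected 0x%04x, which is not an export suite" % suite
    return "unknown", "unexpected record type 0x%02x" % data[0]


def probe(host, port, timeout=5.0):
    """Connect, send the export-only ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        return classify_response(sock.recv(4096))


# Constructed sample replies so the classifier can be exercised offline.
def _sample_server_hello(suite):
    body = struct.pack(">H", 0x0303) + b"\x11" * 32 + b"\x00" + struct.pack(">H", suite) + b"\x00"
    return tls_record(HANDSHAKE, handshake_msg(SERVER_HELLO, body))


SAMPLE_VULNERABLE = _sample_server_hello(0x0003)   # an unpatched listener picking RC4-40 export
SAMPLE_REFUSED = tls_record(ALERT, b"\x02\x28")    # fatal handshake_failure from a fixed listener

if __name__ == "__main__":
    import sys
    # Hypothetical target; 5043 is only the port commonly used in Lumberjack examples.
    host, port = (sys.argv[1], int(sys.argv[2])) if len(sys.argv) == 3 else ("logstash.example", 5043)
    print(probe(host, port))
```

The handshake is built by hand rather than with `openssl s_client -cipher EXPORT` because export suites were removed from OpenSSL 1.1.0 onward, so a current OpenSSL build cannot even offer them. A "refused" verdict means the listener no longer offers the downgrade target; the other half of FREAK, a TLS client that accepts an RSA_EXPORT key exchange it never asked for, is a client-side defect that this server probe does not measure.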

