Merge pull request Semmle#4 from kev/rsyslog_snprintf

Sam · GitHub Enterprise · commit a93b1f7dffe7 · 2018-06-14T11:25:50.000-07:00
Simplify the README by linking to the blog post
diff --git a/rsyslog/CVE-2018-1000140_snprintf_librelp/README.md b/rsyslog/CVE-2018-1000140_snprintf_librelp/README.md
@@ -1,68 +1,5 @@
-# Docker
+# Remote code execution in librelp (CVE-2018-1000140)
 
-To build and run the Dockerfile:
+This directory contains a proof-of-concept exploit for a remote code execution vulnerability in [librelp](https://www.rsyslog.com/librelp/). The vulnerability was fixed in librelp version [1.2.15](https://www.rsyslog.com/librelp-1-2-15/), released on 2018-03-22.
 
-```
-docker build . -t kev-rsyslog
-docker network create -d bridge --subnet 172.25.0.0/16 kev-rsyslog-network
-```
-
-In terminal 1, start a container for the server:
-
-```
-docker run --network=kev-rsyslog-network --ip=172.25.0.10 -h rsyslog-server -i -t kev-rsyslog
-```
-
-If you want to use `gdb` to see the server crash, then start the server like this:
-
-```
-docker run --network=kev-rsyslog-network --ip=172.25.0.10 -h rsyslog-server --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -i -t kev-rsyslog
-```
-
-In terminal 2, start a container for the benevolent client:
-
-```
-docker run --network=kev-rsyslog-network --ip=172.25.0.20 -h rsyslog-client -i -t kev-rsyslog
-```
-
-In the docker container for the benevolent client (terminal 1):
-
-```
-sudo rsyslogd -f benevolent/rsyslog-server.conf
-```
-
-In the docker container for the server (terminal 2), start the benevolent client:
-
-```
-sudo rsyslogd -f benevolent/rsyslog-client.conf
-```
-
-To see that the client has connected to the server:
-
-```
-sudo netstat -ntp
-```
-
-This will show something like this:
-
-```
-Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
-tcp       90      0 172.25.0.20:38866       172.25.0.10:2514        ESTABLISHED 28/rsyslogd
-```
-
-In terminal 3, start a container for the malicious client:
-
-```
-docker run --network=kev-rsyslog-network --ip=172.25.0.30 -h rsyslog-client -i -t kev-rsyslog
-```
-
-In the docker container for the malicious client (terminal 3):
-
-```
-sudo rsyslogd -f malicious/rsyslog-client.conf
-```
-
-
-Instructions for using TLS with rsyslog:
-
-https://www.rsyslog.com/using-tls-with-relp/
+For more information about the vulnerability and for instructions on how to run the proof-of-concept exploit, please see our blog post which is published on both [Rainer Gerhards's blog](https://rainer.gerhards.net/how-we-found-and-fixed-cve-in-librelp) and on the [LGTM blog](https://lgtm.com/blog/rsyslog_snprintf_CVE-2018-1000140).
