Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Syslog-ng Vendors:   Scheidler, Balazs
Syslog-ng Timestamp NULL Pointer Dereference Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1019105
SecurityTracker URL:
CVE Reference:   CVE-2007-6437   (Links to External Site)
Updated:  Dec 30 2007
Original Entry Date:  Dec 17 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 2.0.6 and 2.1.8
Description:   A vulnerability was reported in Syslog-ng. A remote user can cause denial of service conditions.

A remote user can send a specially crafted timestamp value (that does not end with a space character) to trigger a NULL pointer dereference and cause the target service to crash.

The vulnerability resides in 'src/logmsg.c'.

Oriol Carreras reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued fixed versions.

Open Source Edition (2.0.6), available at:

Premium Edition (2.1.8), available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  ZSA-2007-029: syslog-ng Denial of Service

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

--------   Z o r p  S e c u r i t y  A d v i s o r y   ( Z S A ) ----------=
PACKAGE             : syslog-ng, syslog-ng-premium-edition
AFFECTED VERSION    : <=3D 2.0.6, 2.1.8
FIXED               : 2.0.6, 2.1.8
SUMMARY             : Denial of Service
TYPE                : remote
AFFECTED            : all platforms
ZSA-ID              : ZSA-2007-029
DATE                : Dec 14, 2007


   Oriol Carreras has discovered a security vulnerability in syslog-ng, the
   multi-platform syslog-replacement application developed by BalaBit IT


   Earlier versions of syslog-ng Open Source Edition and syslog-ng Premium
   Edition were vulnerable to a possible Denial of Service. The latest
   release (2.0.6 for syslog-ng, 2.1.8 for syslog-ng Premium Edition) fixes=
   segmentation fault which occurred when the timestamp of the incoming
   messages did not end with a space character (NULL pointer dereference).
   This is an easy Denial of Service possibility.

   Apart from the Denial of Service, no further exploits are known to be


   For further information on syslog-ng, visit
   or download the documentation of syslog-ng from


   We recommend that you update the affected packages immediately, or apply=
   the patch referenced below:;a=3Dcommitdiff;h=3D31=


   If you are a syslog-ng Open Source Edition user, download the source of =
   latest release from:

   If you are a syslog-ng Premium Edition user, or have binary subscription=
   syslog-ng Open Source Edition, download the latest binaries from:

   OR, if you have a platform that is supported by apt-get, use the followi=
   apt sources to fetch the latest releases:

   Debian GNU/Linux


     deb debia=
n-etch/syslog-ng-2.1 syslog-ng-pe

   RedHat Enterprise Linux


     rpm rhel-=
4/syslog-ng-2.1 syslog-ng-pe

   SUSE 10

   SUSE 10.0

     rpm suse-=
10.0/syslog-ng-2.1 syslog-ng-pe

   SUSE 10.1

     rpm suse-=
10.1/syslog-ng-2.1 syslog-ng-pe

   HTTP can also be used in the place of HTTPS If your version of apt-get
   does not support the HTTPS protocol. When using plain HTTP,
   the username and password will not be encrypted.

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.4.6 (GNU/Linux)




Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC