rsyslog imfile Integer Signedness Error Lets Local Users Deny Service
|
SecurityTracker Alert ID: 1026556 |
SecurityTracker URL: http://securitytracker.com/id/1026556
|
CVE Reference:
CVE-2011-4623
|
Date: Jan 23 2012
|
Impact:
Denial of service via local system
|
Fix Available: Yes
|
Vendor Confirmed: Yes
|
Version(s): 4.6.5 and prior versions
|
Description:
A vulnerability was reported in rsyslog. A local user can cause denial of service conditions.
A local user can supply a specially crafted message to be logged, triggering an integer signedness error and a resulting heap overflow that causes rsyslog to crash.
Systems with the imfile rsyslog module enabled are affected.
Peter Eisentraut reported this vulnerability.
|
Impact:
A local user can cause rsyslog to crash.
|
Solution:
The vendor has issued a fix (4.6.6).
The vendor has also issued a source code fix, available at:
http://git.adiscon.com/?p=rsyslog.git;a=commit;h=6bad782f154b7f838c7371bf99c13f6dc4ec4101
|
Vendor URL: rsyslog.com/
|
Cause:
Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|