exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1464-1

Debian Linux Security Advisory 1464-1
Posted Jan 16, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1464-1 - Oriol Carreras discovered that syslog-ng, a next generation logging daemon can be tricked into dereferencing a NULL pointer through malformed timestamps, which can lead to denial of service and the disguise of an subsequent attack, which would otherwise be logged.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-6437
SHA-256 | 709413684fbcfe4de2f8bce74ad577baf1efe925079cc2d1f27fee7378cdd765

Debian Linux Security Advisory 1464-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1464-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : syslog-ng
Vulnerability : null pointer dereference
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-6437

Oriol Carreras discovered that syslog-ng, a next generation logging
daemon can be tricked into dereferencing a NULL pointer through
malformed timestamps, which can lead to denial of service and the
disguise of an subsequent attack, which would otherwise be logged.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.6-1.

For the stable distribution (etch), this problem has been fixed in
version 2.0.0-1etch1.

The old stable distribution (sarge) is not affected.

We recommend that you upgrade your syslog-ng package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1.dsc
Size/MD5 checksum: 630 0c4d7f9fe291909962a6b5ef92eca5e4
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0.orig.tar.gz
Size/MD5 checksum: 346056 6ea55c647dcbd3d58a58b8d90f7ea300
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1.diff.gz
Size/MD5 checksum: 10487 a1411ff4c12a79a915ba7e27d9ce79ba

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_alpha.deb
Size/MD5 checksum: 216072 c1eb157b2bd909ee23c7443b602b5446

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_amd64.deb
Size/MD5 checksum: 199956 393ba6fe859eb97fea6bbe95fdafc54f

arm architecture (ARM)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_arm.deb
Size/MD5 checksum: 182992 5566905c2821adc329617626eae19b5c

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_hppa.deb
Size/MD5 checksum: 204112 c3d2f3d7f4878330f70cd7842c8e6bc1

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_i386.deb
Size/MD5 checksum: 177118 cfe45722a293c23a72b6791f1ac30549

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_ia64.deb
Size/MD5 checksum: 271682 fbd2a41a0d894a261ac44d5d6ed28208

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_mips.deb
Size/MD5 checksum: 203130 92d7ec89d158491a80629f8a75a3f8cb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_mipsel.deb
Size/MD5 checksum: 203422 56cfd580b06ee59a92121cd8a17c52f3

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_powerpc.deb
Size/MD5 checksum: 189374 01053f541ef4eb99dcfe7023e4f0e7fb

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_s390.deb
Size/MD5 checksum: 201736 9921207160c7d67b7f0cf5b8571054c7

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_sparc.deb
Size/MD5 checksum: 176494 327ce3c41678d0a54f4d37e97ef9d411


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHjUXeXm3vHE4uyloRAvLhAJ9C3ZuE2uEGhcaP8OW8yBZA2cgzqACggsPn
BNiblQrjZFShbhwh55oG2Mw=
=T5Ld
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close