Gentoo Linux Security Advisory 201412-35 - Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service. Versions less than 8.4.2 are affected.
7db176d00ab76358788ddc53d62e7c9adc9a9502b21744efc78dd4089352ed30Mandriva Linux Security Advisory 2012-100 - An integer signedness error, leading to heap based buffer overflow was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause denial of service via specially-crafted message, to be logged. The updated packages have been patched to correct this issue.
613dfcef425f4a5b661ad286cf09803a2aa7044018ac10a963dd2f0b79087e99Red Hat Security Advisory 2012-0796-04 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default.
2155d79e28e8e74a243b1f67069744419bc5811e098622feae8c4b6cb4ec4962Ubuntu Security Notice 1338-1 - Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu.
6264f07026f2ba1f45c37662a5f12cb7b5059c2d86077a34f78fb276df4673e8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed