what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ZSA-2007-029.txt

ZSA-2007-029.txt
Posted Dec 18, 2007
Authored by Oriol Carreras | Site balabit.com

syslog-ng Open Source Edition versions below 2.0.6 and Premium Edition versions below 2.1.8 suffer from a denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 9621233c56ba9215cc1f498947ba24ca3cee28eb2becbd870b1a7eb6b1855480

ZSA-2007-029.txt

Change Mirror Download

-------- Z o r p S e c u r i t y A d v i s o r y ( Z S A ) ------------
PACKAGE : syslog-ng, syslog-ng-premium-edition
AFFECTED VERSION : <= 2.0.6, 2.1.8
FIXED : 2.0.6, 2.1.8
SUMMARY : Denial of Service
TYPE : remote
AFFECTED : all platforms
ZSA-ID : ZSA-2007-029
DATE : Dec 14, 2007
-----------------------------------------------------------------------------

DESCRIPTION:

Oriol Carreras has discovered a security vulnerability in syslog-ng, the
multi-platform syslog-replacement application developed by BalaBit IT
Security.

BACKGROUND:

Earlier versions of syslog-ng Open Source Edition and syslog-ng Premium
Edition were vulnerable to a possible Denial of Service. The latest
release (2.0.6 for syslog-ng, 2.1.8 for syslog-ng Premium Edition) fixes a
segmentation fault which occurred when the timestamp of the incoming
messages did not end with a space character (NULL pointer dereference).
This is an easy Denial of Service possibility.

Apart from the Denial of Service, no further exploits are known to be
possible.

FURTHER INFORMATION

For further information on syslog-ng, visit
http://www.balabit.com/network-security/syslog-ng/
or download the documentation of syslog-ng from
http://www.balabit.com/support/documentation/

SOLUTION:

We recommend that you update the affected packages immediately, or apply
the patch referenced below:

http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170

DOWNLOAD:

If you are a syslog-ng Open Source Edition user, download the source of the
latest release from:

http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/


If you are a syslog-ng Premium Edition user, or have binary subscription for
syslog-ng Open Source Edition, download the latest binaries from:

http://www.balabit.com/downloads/files/syslog-ng/binaries/premium-edition/

OR, if you have a platform that is supported by apt-get, use the following
apt sources to fetch the latest releases:

Debian GNU/Linux
----------------

etch:

deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ debian-etch/syslog-ng-2.1 syslog-ng-pe

RedHat Enterprise Linux
-----------------------

RHEL-4

rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ rhel-4/syslog-ng-2.1 syslog-ng-pe

SUSE 10
-------

SUSE 10.0

rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ suse-10.0/syslog-ng-2.1 syslog-ng-pe

SUSE 10.1

rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ suse-10.1/syslog-ng-2.1 syslog-ng-pe

HTTP can also be used in the place of HTTPS If your version of apt-get
does not support the HTTPS protocol. When using plain HTTP,
the username and password will not be encrypted.


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close