MDVSA-2012:100: rsyslog
June 25, 2012 in Mandriva Security Advisories
A vulnerability has been discovered and corrected in rsyslog:
An integer signedness error, leading to heap based buffer overflow
was found in the way the imfile module of rsyslog, an enhanced
system logging and kernel message trapping daemon, processed text
files larger than 64 KB. When the imfile rsyslog module was enabled,
a local attacker could use this flaw to cause denial of service
(rsyslogd daemon hang) via specially-crafted message, to be logged
(CVE-2011-4623).
The updated packages have been patched to correct this issue.
An integer signedness error, leading to heap based buffer overflow
was found in the way the imfile module of rsyslog, an enhanced
system logging and kernel message trapping daemon, processed text
files larger than 64 KB. When the imfile rsyslog module was enabled,
a local attacker could use this flaw to cause denial of service
(rsyslogd daemon hang) via specially-crafted message, to be logged
(CVE-2011-4623).
The updated packages have been patched to correct this issue.
Recent Comments