Lucene search

[email protected]NVD:CVE-2011-4623

HistorySep 25, 2012 - 11:55 p.m.

CVE-2011-4623

2012-09-2523:55:01

CWE-189

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

rsyslogrsyslogMatch4.1.0

rsyslogrsyslogMatch4.1.1

rsyslogrsyslogMatch4.1.2

rsyslogrsyslogMatch4.1.3

rsyslogrsyslogMatch4.1.4

rsyslogrsyslogMatch4.1.5

rsyslogrsyslogMatch4.1.6

rsyslogrsyslogMatch4.1.7

rsyslogrsyslogMatch4.2.0

rsyslogrsyslogMatch4.3.0

rsyslogrsyslogMatch4.3.1

rsyslogrsyslogMatch4.3.2

rsyslogrsyslogMatch4.4.0

rsyslogrsyslogMatch4.4.1

rsyslogrsyslogMatch4.4.2

rsyslogrsyslogMatch4.5.0

rsyslogrsyslogMatch4.5.1

rsyslogrsyslogMatch4.5.2

rsyslogrsyslogMatch4.5.3

rsyslogrsyslogMatch4.5.4

rsyslogrsyslogMatch4.5.5

rsyslogrsyslogMatch4.5.6

rsyslogrsyslogMatch4.5.7

rsyslogrsyslogMatch4.5.8

rsyslogrsyslogMatch4.6.0

rsyslogrsyslogMatch4.6.1

rsyslogrsyslogMatch4.6.2

rsyslogrsyslogMatch4.6.3

rsyslogrsyslogMatch4.6.4

rsyslogrsyslogMatch4.6.5

Node

rsyslogrsyslogMatch5.1.0

rsyslogrsyslogMatch5.1.1

rsyslogrsyslogMatch5.1.2

rsyslogrsyslogMatch5.1.3

rsyslogrsyslogMatch5.1.4

rsyslogrsyslogMatch5.1.5

rsyslogrsyslogMatch5.1.6

rsyslogrsyslogMatch5.2.0

rsyslogrsyslogMatch5.2.1

rsyslogrsyslogMatch5.2.2

rsyslogrsyslogMatch5.3.1

rsyslogrsyslogMatch5.3.2

rsyslogrsyslogMatch5.3.3

rsyslogrsyslogMatch5.3.4

rsyslogrsyslogMatch5.3.5

rsyslogrsyslogMatch5.3.6

rsyslogrsyslogMatch5.3.7

rsyslogrsyslogMatch5.4.0

rsyslogrsyslogMatch5.4.1

rsyslogrsyslogMatch5.4.2

rsyslogrsyslogMatch5.5.0

rsyslogrsyslogMatch5.5.1

rsyslogrsyslogMatch5.5.2

rsyslogrsyslogMatch5.5.3

rsyslogrsyslogMatch5.5.4

rsyslogrsyslogMatch5.5.5

rsyslogrsyslogMatch5.5.6

rsyslogrsyslogMatch5.5.7

rsyslogrsyslogMatch5.6.0

rsyslogrsyslogMatch5.6.1

rsyslogrsyslogMatch5.6.2

rsyslogrsyslogMatch5.6.3

rsyslogrsyslogMatch5.6.4

rsyslogrsyslogMatch5.6.5

rsyslogrsyslogMatch5.7.0

rsyslogrsyslogMatch5.7.1

rsyslogrsyslogMatch5.7.2

rsyslogrsyslogMatch5.7.3

Node

rsyslogrsyslogMatch6.1.0

rsyslogrsyslogMatch6.1.1

rsyslogrsyslogMatch6.1.2

rsyslogrsyslogMatch6.1.3

References

bugzilla.adiscon.com/show_bug.cgi?id=221

git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c13f6dc4ec4101

rsyslog.com/changelog-for-4-6-6-v4-stable/

rsyslog.com/changelog-for-5-7-4-v5-beta/

rsyslog.com/changelog-for-6-1-4-devel/

secunia.com/advisories/45848

secunia.com/advisories/47698

www.openwall.com/lists/oss-security/2011/12/22/2

www.securityfocus.com/bid/51171

www.securitytracker.com/id?1026556

www.ubuntu.com/usn/USN-1338-1

bugzilla.redhat.com/show_bug.cgi?id=769822

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2011-4623

cve1 nessus8 cvelist1 redhat1 ubuntu1 ubuntucve1 openvas11 oraclelinux1 debiancve1 prion1 amazon1 veracode1 centos1 gentoo1