Lucene search
GoogleOSV:DSA-1464-1HistoryJan 15, 2008 - 12:00 a.m.
syslog-ng - denial of service
2008-01-1500:00:00
Google
osv.dev
8
0.497 Medium
EPSS
Percentile
97.5%
Oriol Carreras discovered that syslog-ng, a next generation logging
daemon can be tricked into dereferencing a NULL pointer through
malformed timestamps, which can lead to denial of service and the
disguise of an subsequent attack, which would otherwise be logged.
The old stable distribution (sarge) is not affected.
For the stable distribution (etch), this problem has been fixed in
version 2.0.0-1etch1.
For the unstable distribution (sid), this problem has been fixed in
version 2.0.6-1.
We recommend that you upgrade your syslog-ng package.
References
Related
nessus
nessus
Fedora 8 : syslog-ng-2.0.7-1.fc8 (2008-0523)
2008-01-21 00:00:00
GLSA-200712-19 : Syslog-ng: Denial of Service
2007-12-31 00:00:00
Fedora 7 : syslog-ng-2.0.7-1.fc7 (2008-0559)
2008-01-21 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-19 (syslog-ng)
2008-09-24 00:00:00
Fedora Update for syslog-ng FEDORA-2008-0559
2009-02-17 00:00:00
Debian Security Advisory DSA 1464-1 (syslog-ng)
2008-01-31 00:00:00
gentoo
gentoo
Syslog-ng: Denial of service
2007-12-29 00:00:00
debian
debian
[SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service
2008-01-15 23:47:39
ubuntucve
ubuntucve
CVE-2007-6437
2007-12-19 00:00:00
prion
prion
Null pointer dereference
2007-12-19 21:46:00
cvelist
cvelist
CVE-2007-6437
2007-12-19 21:00:00
cve
cve
CVE-2007-6437
2007-12-19 21:46:00
debiancve
debiancve
CVE-2007-6437
2007-12-19 21:46:00
fedora
fedora
[SECURITY] Fedora 8 Update: syslog-ng-2.0.7-1.fc8
2008-01-18 23:56:16
[SECURITY] Fedora 7 Update: syslog-ng-2.0.7-1.fc7
2008-01-18 23:56:40
nvd
nvd
CVE-2007-6437
2007-12-19 21:46:00