rsyslog: remote denial of service
Sending a syslog message containing an invalid PRI value to a vulnerable rsyslog server accepting remote messages will trigger a denial of service by crashing the rsyslog process...
FreeBSD : rsyslog -- remote syslog PRI vulnerability (8e0e86ff-48b5-11e4-ab80-000c29f6ae42)
The rsyslog project reports: potential abort when a message with PRI 191 was processed if the 'pri-text' property was used in active templates, this could be abused to a remote denial of service from permitted senders. The original fix for CVE-2014-3634 was not adequate...
UBUNTU-CVE-2014-3634
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access...
[SECURITY] [DSA 3040-1] rsyslog security update
Debian Security Advisory DSA-3040-1 [email protected] http://www.debian.org/security/ September 30, 2014 http://www.debian.org/security/faq...
Debian Security Advisory DSA 3040-1 (rsyslog - security update)
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack. OpenV...
rsyslog -- remote syslog PRI vulnerability
The rsyslog project reports: potential abort when a message with PRI 191 was processed if the "pri-text" property was used in active templates, this could be abused to a remote denial of service from permitted senders. The original fix for CVE-2014-3634 was not adequate...
DSA-3040-1 rsyslog - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3040-1)
The remote host is missing an update for the Debian...
openSUSE Security Update : rsyslog (openSUSE-SU-2011:1020-1)
Specially crafted log messages could crash rsyslogd (CVE-2011-3200). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update rsyslog-5099...
openSUSE Security Update : rsyslog (openSUSE-SU-2011:0326-1)
rsyslog was updated to version 5.6.5 to fix a number of memory leaks that could crash the syslog daemon (CVE-2011-1488, CVE-2011-1489, CVE-2011-1490). The descriptive text and package checks in this plugin were extracted from openSUSE Security...
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...
Double free
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...
CVE-2013-4758
CVE-2013-4758 describes a double-free memory corruption in rsyslog's omelasticsearch (ElasticSearch) plugin when the errorfile parameter is set for local logging. The underlying issue is in writeDataError, affecting rsyslog versions up to 7.4.1 (stable) and up to 7.5.1 (de...
Amazon Linux AMI : rsyslog (ALAS-2012-105)
A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if the...
Oracle Linux 6 : rsyslog (ELSA-2011-1247)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1247 advisory. 4.6.2-3.el61.2 - add patch to resolve buffer overflow CVE-2011-3200 Resolves: 733647 Tenable has extracted the preceding description block directly from the...
Oracle Linux 6 : rsyslog (ELSA-2012-0796)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0796 advisory. 5.8.10-2 - add patch to update information on debugging in the man page Resolves: 820311 - add patch to prevent debug output to stdout after forking Resolves:...