ZSA-2007-029: syslog-ng Denial of Service

2007-12-18T00:00:00
ID SECURITYVULNS:DOC:18671
Type securityvulns
Reporter Securityvulns
Modified 2007-12-18T00:00:00

Description

-------- Zorp Security Advisory (ZSA) ------------
PACKAGE          : syslog-ng, syslog-ng-premium-edition
AFFECTED VERSION : <= 2.0.6, 2.1.8
FIXED            : 2.0.6, 2.1.8
SUMMARY          : Denial of Service
TYPE             : remote
AFFECTED         : all platforms
ZSA-ID           : ZSA-2007-029
DATE             : Dec 14, 2007
-----------------------------------------------------------------------------

DESCRIPTION:

Oriol Carreras has discovered a security vulnerability in syslog-ng, the multi-platform syslog-replacement application developed by BalaBit IT Security.

BACKGROUND:

Earlier versions of syslog-ng Open Source Edition and syslog-ng Premium Edition were vulnerable to a possible Denial of Service. The latest releases (2.0.6 for syslog-ng, 2.1.8 for syslog-ng Premium Edition) fix a segmentation fault (a NULL pointer dereference) that occurred when the timestamp of an incoming message did not end with a space character. This is an easy Denial of Service possibility.

Apart from the Denial of Service, no further exploits are known to be possible.
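The failure mode above is a common one in log parsers: the code locates the space that terminates the fixed-width BSD-syslog timestamp and then uses the result without checking that the space was actually there. The following is an added illustration written for this page, not syslog-ng's own parser or the referenced patch; it assumes the RFC 3164 layout "Mmm dd hh:mm:ss" (15 characters, day space-padded) and rejects any message whose timestamp is not followed by a space instead of reading past it. The sample lines are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 3164 timestamp "Mmm dd hh:mm:ss" is exactly 15 characters and must be
 * followed by one space before the hostname. */
#define TS_LEN 15

typedef struct {
    char timestamp[TS_LEN + 1];
    const char *rest;   /* text after the timestamp's terminating space */
} syslog_hdr;

/* Layout characters: 'A' letter, '9' digit, 'd' digit or blank (the
 * space-padded day), anything else is a literal that must match exactly. */
static int matches(char ch, char layout)
{
    switch (layout) {
    case 'A': return isalpha((unsigned char)ch) != 0;
    case '9': return isdigit((unsigned char)ch) != 0;
    case 'd': return ch == ' ' || isdigit((unsigned char)ch);
    default:  return ch == layout;
    }
}

/* Parse the timestamp at the start of msg (the part after the <PRI> field).
 * Returns 1 and fills *out on success; returns 0 when the timestamp is too
 * short, has the wrong shape, or is not terminated by a space.  A parser
 * that assumed the terminating space was present (or dereferenced the
 * result of a failed strchr) would crash on that last input, which is the
 * class of defect the advisory describes. */
int parse_timestamp(const char *msg, syslog_hdr *out)
{
    static const char layout[] = "AAA d9 99:99:99";  /* 15 characters */
    size_t i;

    if (msg == NULL || out == NULL)
        return 0;

    for (i = 0; i < TS_LEN; i++) {
        /* stop at the terminator first so we never index past it */
        if (msg[i] == '\0' || !matches(msg[i], layout[i]))
            return 0;
    }
    /* Require the terminating space instead of assuming it is there. */
    if (msg[TS_LEN] != ' ')
        return 0;

    memcpy(out->timestamp, msg, TS_LEN);
    out->timestamp[TS_LEN] = '\0';
    out->rest = msg + TS_LEN + 1;
    return 1;
}

int main(void)
{
    /* Constructed sample lines: a well-formed message, one whose
     * timestamp is not followed by a space, and one that is truncated. */
    const char *samples[] = {
        "Dec 14 12:34:56 host syslog-ng[1]: started",
        "Dec 14 12:34:56",
        "Dec 14 12:3",
    };
    size_t n;

    for (n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        syslog_hdr h;
        if (parse_timestamp(samples[n], &h))
            printf("ok      ts=\"%s\" rest=\"%s\"\n", h.timestamp, h.rest);
        else
            printf("reject  \"%s\"\n", samples[n]);
    }
    return 0;
}
```

The rejected messages are still worth keeping: a receiver that silently drops them hides a misbehaving or hostile sender, so a production parser would count or log the malformed input rather than just return.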

FURTHER INFORMATION

For further information on syslog-ng, visit http://www.balabit.com/network-security/syslog-ng/ or download the documentation of syslog-ng from http://www.balabit.com/support/documentation/

SOLUTION:

We recommend that you update the affected packages immediately, or apply the patch referenced below:

http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170

DOWNLOAD:

If you are a syslog-ng Open Source Edition user, download the source of the latest release from:

http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/

If you are a syslog-ng Premium Edition user, or have a binary subscription for syslog-ng Open Source Edition, download the latest binaries from:

 http://www.balabit.com/downloads/files/syslog-ng/binaries/premium-edition/

Or, if your platform is supported by apt-get, use the following apt sources to fetch the latest releases:

Debian GNU/Linux


etch:

 deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ debian-etch/syslog-ng-2.1 syslog-ng-pe

RedHat Enterprise Linux


RHEL-4

 rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ rhel-4/syslog-ng-2.1 syslog-ng-pe

SUSE 10


SUSE 10.0

 rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ suse-10.0/syslog-ng-2.1 syslog-ng-pe

SUSE 10.1

 rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ suse-10.1/syslog-ng-2.1 syslog-ng-pe

HTTP can also be used in place of HTTPS if your version of apt-get does not support the HTTPS protocol. When using plain HTTP, the username and password will not be encrypted.