Debian Security Advisory DSA 175-1 (syslog-ng)
Summary
The remote host is missing an update to syslog-ng announced via advisory DSA 175-1.
Insight
Péter Höltzl discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded, a static-length buffer is used, accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An attacker may be able to use specially crafted log messages inserted via UDP that overflow the buffer.

This problem has been fixed in version 1.5.15-1.1 for the current stable distribution (woody), in version 1.4.0rc3-3.2 for the old stable distribution (potato) and in version 1.5.21-1 for the unstable distribution (sid).

We recommend that you upgrade your syslog-ng package immediately.
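The accounting flaw described above can be modelled as follows. This is an added illustration, not syslog-ng's code: the `$M` macro syntax, the names `expand`, `demo`, `LIMIT`, `CAP` and the sample template are all constructed, and the model writes into a larger real buffer so that the mismatch between counter and bytes written can be observed without corrupting memory.

```c
#include <stdio.h>
#include <string.h>
#define LIMIT 16   /* bytes the expander believes it may fill (constructed) */
#define CAP   64   /* real size of the model's buffer, keeps the demo in bounds */

/* Expand tmpl into out[CAP], replacing "$M" with val. With count_literals == 0
 * the counter advances only for macro values, which is the accounting flaw.
 * Returns bytes written; *tracked receives the counter the check relied on. */
static size_t expand(const char *tmpl, const char *val, char *out,
                     int count_literals, size_t *tracked)
{
    size_t used = 0, count = 0;
    const char *p = tmpl;
    while (*p && used < CAP) {
        if (p[0] == '$' && p[1] == 'M') {
            size_t n = strlen(val);
            if (n > LIMIT - count) n = LIMIT - count;  /* check uses counter */
            if (n > CAP - used) n = CAP - used;        /* model's safety net */
            memcpy(out + used, val, n);
            used += n; count += n;
            p += 2;
        } else {
            if (count >= LIMIT) break;                 /* check uses counter */
            out[used++] = *p++;
            if (count_literals) count++;               /* the corrected update */
        }
    }
    *tracked = count;
    return used;
}

/* Constructed input: 20 constant characters followed by one macro. */
static const char TMPL[] = "AAAAAAAAAAAAAAAAAAAA$M";

/* Run the model; return the counter if want_counter, else bytes written. */
static size_t demo(int count_literals, int want_counter)
{
    char out[CAP]; size_t t;
    size_t w = expand(TMPL, "xyz", out, count_literals, &t);
    return want_counter ? t : w;
}

int main(void)
{
    printf("flawed:    counter=%zu written=%zu (limit %d)\n", demo(0, 1), demo(0, 0), LIMIT);
    printf("corrected: counter=%zu written=%zu\n", demo(1, 1), demo(1, 0));
    return 0;
}
```

In the flawed mode the boundary check keeps passing because the counter never sees the constant characters, so more than `LIMIT` bytes are written; with the counter updated on every append, output stops at the limit.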
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20175-1