NASLDB: Mandriva Linux Security Advisory : rsyslog (MDVSA-2012:100)
General
ID: 59710
Name: Mandriva Linux Security Advisory : rsyslog (MDVSA-2012:100)
Summary: Checks rpm output for the updated packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –
Port: 0
Family: Mandriva Local Security Checks
Type: Local
Description
A vulnerability has been discovered and corrected in rsyslog:
An integer signedness error, leading to a heap-based buffer overflow, was
found in the way the imfile module of rsyslog, an enhanced system
logging and kernel message trapping daemon, processed text files
larger than 64 KB. When the imfile rsyslog module was enabled, a local
attacker could use this flaw to cause a denial of service (rsyslogd
daemon hang) via a specially crafted message to be logged
(CVE-2011-4623).
The updated packages have been patched to correct this issue.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2011-4623
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/06/25
Plugin Release: 2012/06/26
Plugin
Version: 1.3
Filename: mandriva_MDVSA-2012-100.nasl
Filesize: 3784 bytes
MD5 Hash: 25d5cb77ef8259ea641658dbda636f2e
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.