Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our specialty !
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Syslog-ng

 
Post new topic   Reply to topic    Trilight Zone Forum Index -> Security
Author Message
thedark
Second Lieutenant


Joined: 30 Jul 2005
Posts: 1074

PostPosted: Thu Aug 04, 2005 12:23 am    Post subject: Syslog-ng Reply with quote
Péter Höltzl discovered a problem in the way syslog-ng handles macroexpansion. When a macro is expanded a static length buffer is usedaccompanied by a counter. However, when constant chharacters areappended, the counter is not updated properly, leading to incorrectboundary checking. An attacker may be able to use specially craftedlog messages inserted via UDP which overflows the buffer.This problem has been fixed in version 1.5.15-1.1 for the currentstable distribution (woody), in version 1.4.0rc3-3.2 for the oldstable distribution (potato) and version 1.5.21-1 for the unstabledistribution (sid).
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Trilight Zone Forum Index -> Security All times are GMT
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group