
syslog-ng Denial of Service



ZSA-2007-029: syslog-ng Denial of Service






--------   Z o r p  S e c u r i t y  A d v i s o r y   ( Z S A ) ------------
PACKAGE             : syslog-ng, syslog-ng-premium-edition
AFFECTED VERSION    : <= 2.0.6, 2.1.8
FIXED               : 2.0.6, 2.1.8
SUMMARY             : Denial of Service
TYPE                : remote
AFFECTED            : all platforms
ZSA-ID              : ZSA-2007-029
DATE                : Dec 14, 2007
-----------------------------------------------------------------------------

DESCRIPTION:

   Oriol Carreras has discovered a security vulnerability in syslog-ng, the
   multi-platform syslog-replacement application developed by BalaBit IT
   Security.

BACKGROUND:

   Earlier versions of syslog-ng Open Source Edition and syslog-ng Premium
   Edition were vulnerable to a possible Denial of Service. The latest
   release (2.0.6 for syslog-ng, 2.1.8 for syslog-ng Premium Edition) fixes a
   segmentation fault that occurred when the timestamp of an incoming
   message did not end with a space character: the parser dereferenced a
   NULL pointer. This is an easy Denial of Service possibility.

   Apart from the Denial of Service, no further exploits are known to be
   possible.
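
   The failure mode described above (a timestamp that is not followed by a
   space, leading to a NULL pointer dereference) illustrated in C as an added
   example. This is not syslog-ng's code and not the referenced patch: the
   header layout, the function names and the sample messages are hypothetical,
   chosen only to show the bug class next to its hardened form.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical parser (not syslog-ng's). A BSD-syslog header begins with a
 * fixed-width timestamp "Mmm dd hh:mm:ss" (15 bytes) that must be followed
 * by a space before the hostname. */
#define TS_LEN 15

/* Vulnerable pattern: locate the space that terminates the timestamp and skip
 * over it. If the message ends right after the timestamp, strchr() returns
 * NULL and the loop dereferences it (segmentation fault): the bug class the
 * advisory describes. Kept here only for comparison; never feed it untrusted
 * input. */
const char *skip_timestamp_unchecked(const char *msg)
{
    const char *sep = strchr(msg + 7, ' ');   /* 7: past "Mmm dd " */
    while (*sep == ' ')                       /* NULL dereference when sep == NULL */
        sep++;
    return sep;
}

/* Hardened form: validate the fixed-width timestamp and require the separator
 * to be present before touching anything beyond it. Returns a pointer to the
 * first byte after the separator(s), or NULL for a malformed header, which the
 * caller treats as "no timestamp" instead of crashing. */
const char *skip_timestamp_checked(const char *msg)
{
    if (msg == NULL || strlen(msg) < TS_LEN + 1)
        return NULL;                          /* timestamp + separator cannot fit */
    if (msg[3] != ' ' || msg[6] != ' ' || msg[9] != ':' || msg[12] != ':')
        return NULL;                          /* not the "Mmm dd hh:mm:ss" shape */
    if (msg[TS_LEN] != ' ')
        return NULL;                          /* timestamp not followed by a space */
    const char *p = msg + TS_LEN + 1;
    while (*p == ' ')                         /* safe: the string is NUL-terminated */
        p++;
    return p;
}

/* Length of the hostname token following a valid timestamp; 0 when the header
 * is malformed or the hostname is missing. */
size_t hostname_len(const char *msg)
{
    const char *host = skip_timestamp_checked(msg);
    if (host == NULL || *host == '\0')
        return 0;
    return strcspn(host, " ");
}

/* Copy the hostname into out (bounded). Returns its length, or -1 when the
 * header is malformed or the buffer is too small. */
int extract_hostname(const char *msg, char *out, size_t outlen)
{
    size_t len = hostname_len(msg);
    if (len == 0 || len + 1 > outlen)
        return -1;
    memcpy(out, skip_timestamp_checked(msg), len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample messages; the last two would crash the unchecked parser. */
    const char *samples[] = {
        "Dec 14 12:34:56 host1 sshd[123]: accepted",
        "Dec 14 12:34:56  host2 kernel: double space after timestamp",
        "Dec 14 12:34:56",
        "Dec 14 12:34:56\n",
    };
    char host[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = extract_hostname(samples[i], host, sizeof host);
        if (n < 0)
            printf("malformed header rejected: \"%s\"\n", samples[i]);
        else
            printf("hostname: %s\n", host);
    }
    return 0;
}
```

   The checked version never reads past the timestamp until it has confirmed
   the separator is there, so a message consisting of only a timestamp is
   rejected with a return value the caller can log and count, which is also
   the signal a defender would want to alert on if such messages arrive in
   volume.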

FURTHER INFORMATION

   For further information on syslog-ng, visit
http://www.balabit.com/network-security/syslog-ng/ 
   or download the documentation of syslog-ng from
http://www.balabit.com/support/documentation/ 

SOLUTION:

   We recommend that you update the affected packages immediately, or apply 
   the patch referenced below:

http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170 

DOWNLOAD:

   If you are a syslog-ng Open Source Edition user, download the source of the
   latest release from:

http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/ 


   If you are a syslog-ng Premium Edition user, or have binary subscription for
   syslog-ng Open Source Edition, download the latest binaries from:

http://www.balabit.com/downloads/files/syslog-ng/binaries/premium-edition/ 

   OR, if you have a platform that is supported by apt-get, use the following
   apt sources to fetch the latest releases:

   Debian GNU/Linux
   ----------------

   etch:

deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ debian-etch/syslog-ng-2.1 syslog-ng-pe 

   RedHat Enterprise Linux
   -----------------------

   RHEL-4

rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ rhel-4/syslog-ng-2.1 syslog-ng-pe 

   SUSE 10
   -------

   SUSE 10.0

rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ suse-10.0/syslog-ng-2.1 syslog-ng-pe 

   SUSE 10.1

rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ suse-10.1/syslog-ng-2.1 syslog-ng-pe 

   HTTP can also be used in place of HTTPS if your version of apt-get
   does not support the HTTPS protocol. When using plain HTTP,
   the username and password are sent unencrypted.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBHZlGNthNE0K3PQTgRAnxNAJ90rBSAu1NVar1NQnwFHq/cZlArCwCghZVy
x2IphYoQ1B7Y+dknzd1Qzrk=
=RnJN
-----END PGP SIGNATURE-----
