CVE-2011-3200

Published: 6 September 2011

Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.

Notes

Author: jdstrand
Note: On i386 and amd64 it seems to just truncate messages slightly and not be a DoS. Will patch anyway just in case for other architectures.

Priority

Low

Status

Package   Release    Status
rsyslog   upstream   Released (4.6.8, 5.8.5-1)
rsyslog   hardy      Not vulnerable
rsyslog   lucid      Not vulnerable
rsyslog   maverick   Not vulnerable
rsyslog   natty      Released (4.6.4-2ubuntu4.1)