Your submission was sent successfully! Close

CVE-2011-4623

Published: 23 December 2011

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Notes

AuthorNote
tyhicks
The imfile module is built in Lucid and newer, but is not loaded in
the default rsyslog config file.
jdstrand
introduced with d2d54013aebb756169182ed8716b142d27134a70 (part of
4.5.0)
Priority

Medium

Status

Package Release Status
rsyslog
Launchpad, Ubuntu, Debian
hardy Not vulnerable
(code not present)
lucid Not vulnerable
(has correct type)
maverick Not vulnerable
(has correct type)
natty
Released (4.6.4-2ubuntu4.2)
oneiric Not vulnerable
(5.8.1-1ubuntu2)
upstream
Released (4.6.6, 5.7.4)
Patches:
upstream: http://git.adiscon.com/?p=rsyslog.git;a=commit;h=6bad782f154b7f838c7371bf99c13f6dc4ec4101