Debian Security Advisory DSA 1464-1 (syslog-ng) Network Vulnerability

Summary

The remote host is missing an update to syslog-ng announced via advisory DSA 1464-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201464-1

Insight

Oriol Carreras discovered that syslog-ng, a next generation logging daemon can be tricked into dereferencing a NULL pointer through malformed timestamps, which can lead to denial of service and the disguise of an subsequent attack, which would otherwise be logged. For the unstable distribution (sid), this problem has been fixed in version 2.0.6-1. For the stable distribution (etch), this problem has been fixed in version 2.0.0-1etch1. The old stable distribution (sarge) is not affected. We recommend that you upgrade your syslog-ng package.

Severity

Classification

CVE CVE-2007-6437
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1064-1 (cscope)
Debian Security Advisory DSA 1000-2 (libapreq2-perl)
Debian Security Advisory DSA 109-1 (faqomatic)
Debian Security Advisory DSA 1141-1 (gnupg2)
Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)

Take action and discover your vulnerabilities