Info

Disclosure

Dec 17, 2007

Discovery

Dec 14, 2007

Dates

Exploit

Unknown

Solution

Unknown

Description

syslog-ng contains a flaw that may allow a remote denial of service. The issue is triggered when a crafted timestamp triggers a NULL pointer dereference , and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Products

Unknown or Incomplete

References

Security Tracker: 1019105
CVE ID: 2007-6437 (see also: NVD)
Secunia Advisory ID: 28118 28279
ISS X-Force ID: 39082
VUPEN Advisory: ADV-2007-4257
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0203.html
http://archives.neohapsis.com/archives/bugtraq/2007-12/0204.html
http://seclists.org/bugtraq/2007/Dec/0202.html
Vendor URL: http://www.balabit.com/
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200712-19.xml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/39551