Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1200

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1200
Last Modified 04 Feb 2011 12:00:00
Published 28 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1200

Summary

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Vulnerable Systems

Application

  • Balabit Syslog-ng 1.4.0 Rc3

  • Balabit Syslog-ng 1.4.10

  • Balabit Syslog-ng 1.4.15

  • Balabit Syslog-ng 1.4.7

  • Balabit Syslog-ng 1.4.8

  • Balabit Syslog-ng 1.4.9

  • Balabit Syslog-ng 1.5.15

  • Balabit Syslog-ng 1.5.20


References

DEBIAN - DSA-175

CONFIRM - http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt

BID - 5934

SUSE - SuSE-SA:2002:039

ENGARDE - ESA-20021029-028

XF - syslogng-macro-expansion-bo(10339)

BUGTRAQ - 20021010 syslog-ng buffer overflow

CONECTIVA - CLA-2002:547


Last Updated: 27 May 2016 10:37:14