Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1951

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1951
Last Modified 12 Jul 2011 12:00:00
Published 11 Jul 2011 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1951

Summary

lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.

Vulnerable Systems

Application

  • Balabit Syslog-ng 1.0

  • Balabit Syslog-ng 1.1

  • Balabit Syslog-ng 1.2

  • Balabit Syslog-ng 1.3

  • Balabit Syslog-ng 1.4

  • Balabit Syslog-ng 1.5

  • Balabit Syslog-ng 1.6

  • Balabit Syslog-ng 1.9

  • Balabit Syslog-ng 2.0

  • Balabit Syslog-ng 2.0.10

  • Balabit Syslog-ng 2.1

  • Balabit Syslog-ng 2.1.3

  • Balabit Syslog-ng 2.1.4

  • Balabit Syslog-ng 3.0

  • Balabit Syslog-ng 3.0.1

  • Balabit Syslog-ng 3.0.10

  • Balabit Syslog-ng 3.0.2

  • Balabit Syslog-ng 3.0.3

  • Balabit Syslog-ng 3.0.4

  • Balabit Syslog-ng 3.0.5

  • Balabit Syslog-ng 3.0.6

  • Balabit Syslog-ng 3.0.7

  • Balabit Syslog-ng 3.0.8

  • Balabit Syslog-ng 3.0.9

  • Balabit Syslog-ng 3.1

  • Balabit Syslog-ng 3.1.0

  • Balabit Syslog-ng 3.1.1

  • Balabit Syslog-ng 3.1.2

  • Balabit Syslog-ng 3.1.3

  • Balabit Syslog-ng 3.1.4

  • Balabit Syslog-ng 3.2

  • Balabit Syslog-ng 3.2.1

  • Balabit Syslog-ng 3.2.2

  • Balabit Syslog-ng 3.2.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=709088

MLIST - [oss-security] 20110526 CVE Request -- syslog-ng -- Possible DoS

CONFIRM - http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff

BID - 47800

SECUNIA - 45122

FEDORA - FEDORA-2011-8405


Last Updated: 27 May 2016 10:56:52