oss-sec mailing list archives
Re: CVE Request - rsyslog ($allowedSender issue repost + imudp DoS)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 15 Dec 2008 18:30:01 +0100
Hello Steve, rsyslog upstream has fixed DoS in rsyslog's imudp plugin -- "imudp emitted a message when a non-permitted sender tried to send a message to it. This behaviour is operator-configurable." Changelog: http://www.rsyslog.com/Topic4.phtml Upstream commit: http://git.adiscon.com/?p=rsyslog.git;a=commit;h=afdccceefa30306cf720a27efd5a29bcc5a916c9 Affected versions: 3.20.2 [v3-stable], 3.21.9 [BETA], 4.1.2 [DEVEL] On Mon, 2008-12-08 at 15:53 +0100, Jan Lieskovsky wrote:
Hello Steve, the following vulnerability has been recently reported in rsyslog: http://www.rsyslog.com/Article322.phtml References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508027 http://secunia.com/Advisories/32857/ Upstream patch: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=f0ddbed44c332391ae6d9bbf6b07e2f06c4dd676 The reporter mentions: "The versions affected are rsyslog 3.12.1 to 3.20.0, 4.1.0 and 4.1.1. The v2-stable branch is not affected."
Could you allocate a new CVE id for these two rsyslog flaws? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request - rsyslog Jan Lieskovsky (Dec 08)
- Re: CVE Request - rsyslog ($allowedSender issue repost + imudp DoS) Jan Lieskovsky (Dec 15)
- Re: CVE Request - rsyslog ($allowedSender issue repost + imudp DoS) Steven M. Christey (Dec 16)
- Re: CVE Request - rsyslog ($allowedSender issue repost + imudp DoS) Jan Lieskovsky (Dec 15)