Description
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
Affected products
- balabit / syslog-ng1.4.6
- balabit / syslog-ng1.4.7 – 1.4.7
- balabit / syslog-ng1.4.8 – 1.4.8
References
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
- MISChttp://www.balabit.hu/products/syslog-ng/
- MISChttp://www.securityfocus.com/bid/1981
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/5576
- VENDOR_ADVISORYftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc