MDVSA-2011:134Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2011:134 | First vendor Publication | 2011-09-09 |
| Vendor | Mandriva | Last vendor Modification | 2011-09-09 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
A vulnerability was discovered and corrected in rsyslog: Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message (CVE-2011-3200). The updated packages have been patched to correct this issue. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:134 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74864 | rsyslog tools/syslogd.c parseLegacySyslogMsg() Function Message TAG Off-by-tw... |
(Medium)
