Balabit syslog-ng Incomplete Priority String Remote DoS Vulnerability
Solution: Balabit has released version 1.4.9, which addressed this issue but had a separate bug. Users are encouraged to upgrade to 1.49a, which has both bugs resolved. For more information, see the syslog-ng product page, at: http://www.balabit.hu/products/syslog-ng/ For users who do not want to upgrade, Balabit has provided the following patch information:

diff -urN syslog-ng-1.4.8/src/log.c syslog-ng-1.4.9/src/log.c --- syslog-ng-1.4.8/src/log.c Tue Oct 10 15:05:52 2000 +++ syslog-ng-1.4.9/src/log.c Wed Nov 22 16:45:11 2000 @@ -67,8 +67,10 @@ left--; } lm->pri =3D pri; - src++; - left--; + if (left) { + src++; + left--; + } } else { lm->pri =3D LOG_USER | LOG_NOTICE;
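Review bot: The new `if (left)` guard in the `-67,8 +67,10` hunk of src/log.c only establishes that `left` is non-zero before `src++; left--;`. It does not bound `left` from below and does not check which byte is being skipped. The declaration of `left` is not visible here, so if it is a signed type the test should be `if (left > 0)`, since a negative value would still pass `if (left)`. If the loop above can stop on a byte other than the closing `>` of the priority field, the skip also drops the first character of the message. Comparing `*src` against `>` before advancing would cover that case, and a one-line comment saying the guard handles a priority string that ends before its terminator would document the intent. Separately, the patch as posted carries quoted-printable `=3D` in place of `=` on the `lm->pri` lines, so it needs decoding before it will apply.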