BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability

Bugtraq ID:	26897
Class:	Input Validation Error
CVE:	CVE-2007-6437
Remote:	Yes
Local:	No
Published:	Dec 17 2007 12:00AM
Updated:	Jan 22 2008 10:18PM
Credit:	Oriol Carreras discovered this issue.
Vulnerable:	RedHat Fedora 8 0 RedHat Fedora 7 0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Balabit syslog-ng 2.1.7 Balabit syslog-ng 2.1.6 Balabit syslog-ng 2.1.5 Balabit syslog-ng 2.1.4 Balabit syslog-ng 2.1.3 Balabit syslog-ng 2.1.2 Balabit syslog-ng 2.1.1 Balabit syslog-ng 2.0.5 Balabit syslog-ng 2.0.4 Balabit syslog-ng 2.0.3 Balabit syslog-ng 2.0.2 Balabit syslog-ng 2.0.1 Balabit syslog-ng 1.5.21 Balabit syslog-ng 1.5.20 Balabit syslog-ng 1.5.15 Balabit syslog-ng 1.4.16 Balabit syslog-ng 1.4.15 Balabit syslog-ng 1.4.14 + Conectiva Linux 8.0 Balabit syslog-ng 1.4.12 Balabit syslog-ng 1.4.11 Balabit syslog-ng 1.4.10 + EnGarde Secure Linux 1.0.1 Balabit syslog-ng 1.4.9 Balabit syslog-ng 1.4.8 Balabit syslog-ng 1.4.7 Balabit syslog-ng 1.4.6 Balabit syslog-ng 1.4 .0rc3 Axis Communications StorPoint 1.4.16 Axis Communications StorPoint 1.4.15

Not Vulnerable:	Balabit syslog-ng 2.1.8 Balabit syslog-ng 2.0.6