• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Syslog-ng Macro Expansion Remote Buffer Overflow Vulnerability

Solution:
EnGarde Secure Linux has released a new advisory, ESA-20021029-028, that obsoletes ESA-20021016-025. New fixes are available.

SuSE has released an advisory. Fixes are available.

Fixes have been made available:


Balabit syslog-ng 1.4 .0rc3

• Debian syslog-ng_1.4.0rc3-3.2_alpha.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4 .0rc3-3.2_alpha.deb


• Debian syslog-ng_1.4.0rc3-3.2_arm.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4 .0rc3-3.2_arm.deb


• Debian syslog-ng_1.4.0rc3-3.2_i386.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4 .0rc3-3.2_i386.deb


• Debian syslog-ng_1.4.0rc3-3.2_m68k.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4 .0rc3-3.2_m68k.deb


• Debian syslog-ng_1.4.0rc3-3.2_powerpc.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4 .0rc3-3.2_powerpc.deb


• Debian syslog-ng_1.4.0rc3-3.2_sparc.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4 .0rc3-3.2_sparc.deb

Balabit syslog-ng 1.4.10

• EnGarde Secure Linux syslog-ng-1.4.10-1.0.25.i386.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/syslog-ng-1 .4.10-1.0.25.i386.rpm


• EnGarde Secure Linux syslog-ng-1.4.10-1.0.25.i686.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/syslog-ng-1 .4.10-1.0.25.i686.rpm


• EnGarde Secure Linux syslog-ng-1.4.10-1.0.26.i386.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/syslog-ng-1 .4.10-1.0.26.i386.rpm


• EnGarde Secure Linux syslog-ng-1.4.10-1.0.26.i686.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/syslog-ng-1 .4.10-1.0.26.i686.rpm

Balabit syslog-ng 1.4.11

• S.u.S.E. syslog-ng-1.4.11-26.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/syslog-ng-1.4.11-26.alph a.rpm


• S.u.S.E. syslog-ng-1.4.11-26.src.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/syslog-ng-1.4.11-26.src .rpm


• S.u.S.E. syslog-ng-1.4.11-30.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/syslog-ng-1.4.11-30.ppc. rpm


• S.u.S.E. syslog-ng-1.4.11-30.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/syslog-ng-1.4.11-30.src .rpm


• S.u.S.E. syslog-ng-1.4.11-88.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/syslog-ng-1.4.11-88.i38 6.rpm


• S.u.S.E. syslog-ng-1.4.11-88.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/syslog-ng-1.4.11-88.sr c.rpm


• S.u.S.E. syslog-ng-1.4.11-89.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/syslog-ng-1.4.11-89.i38 6.rpm


• S.u.S.E. syslog-ng-1.4.11-89.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/syslog-ng-1.4.11-89.sr c.rpm

Balabit syslog-ng 1.4.12

• S.u.S.E. syslog-ng-1.4.11-89.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/syslog-ng-1.4.11-89.i38 6.rpm


• S.u.S.E. syslog-ng-1.4.12-30.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/syslog-ng-1.4.12-30.sp arc.rpm


• S.u.S.E. syslog-ng-1.4.12-30.src.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/syslog-ng-1.4.12-30.s rc.rpm


• S.u.S.E. syslog-ng-1.4.12-57.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/syslog-ng-1.4.12-57.ppc. rpm


• S.u.S.E. syslog-ng-1.4.12-57.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/syslog-ng-1.4.12-57.src .rpm


• S.u.S.E. syslog-ng-1.4.12-72.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/syslog-ng-1.4.12-72.i38 6.rpm


• S.u.S.E. syslog-ng-1.4.12-72.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/syslog-ng-1.4.12-72.sr c.rpm

Balabit syslog-ng 1.4.14

• Conectiva syslog-ng-1.4.14-3U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/syslog-ng-1.4.14-3U80_1cl.i 386.rpm


• S.u.S.E. syslog-ng-1.4.11-89.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/syslog-ng-1.4.11-89.i38 6.rpm


• S.u.S.E. syslog-ng-1.4.14-319.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/syslog-ng-1.4.14-319.i3 86.rpm


• S.u.S.E. syslog-ng-1.4.14-319.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/syslog-ng-1.4.14-319.s rc.rpm


• S.u.S.E. syslog-ng-1.4.14-321.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/syslog-ng-1.4.14- 321.i586.rpm


• S.u.S.E. syslog-ng-1.4.14-321.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/syslog-ng-1.4.14-3 21.src.rpm

Axis Communications StorPoint 1.4.15

• Balabit syslog-ng 1.4.15/1.5.20 patch
  http://downloads.securityfocus.com/vulnerabilities/patches/syslog-ng.p atch


• Balabit Syslog-ng 1.4.16
  http://www.balabit.hu/en/downloads/syslog-ng/downloads/

Balabit syslog-ng 1.4.15

• Balabit syslog-ng 1.4.15/1.5.20 patch
  http://downloads.securityfocus.com/vulnerabilities/patches/syslog-ng.p atch


• Balabit Syslog-ng 1.4.16
  http://www.balabit.hu/en/downloads/syslog-ng/downloads/

Balabit syslog-ng 1.5.15

• Debian syslog-ng_1.5.15-1.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_alpha.deb


• Debian syslog-ng_1.5.15-1.1_arm.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_arm.deb


• Debian syslog-ng_1.5.15-1.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_hppa.deb


• Debian syslog-ng_1.5.15-1.1_i386.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_i386.deb


• Debian syslog-ng_1.5.15-1.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_ia64.deb


• Debian syslog-ng_1.5.15-1.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_m68k.deb


• Debian syslog-ng_1.5.15-1.1_mips.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_mips.deb


• Debian syslog-ng_1.5.15-1.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_mipsel.deb


• Debian syslog-ng_1.5.15-1.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_powerpc.deb


• Debian syslog-ng_1.5.15-1.1_s390.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_s390.deb


• Debian syslog-ng_1.5.15-1.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5 .15-1.1_sparc.deb

Balabit syslog-ng 1.5.20

• Balabit syslog-ng 1.4.15/1.5.20 patch
  http://downloads.securityfocus.com/vulnerabilities/patches/syslog-ng.p atch


• Balabit Syslog-ng 1.5.21
  http://www.balabit.hu/en/downloads/syslog-ng/downloads/