Lucene search
GoogleOSV:DSA-1464-1HistoryJan 15, 2008 - 12:00 a.m.
syslog-ng - denial of service
2008-01-1500:00:00
Google
osv.dev
10
EPSS
0.434
Percentile
97.4%
Oriol Carreras discovered that syslog-ng, a next generation logging
daemon can be tricked into dereferencing a NULL pointer through
malformed timestamps, which can lead to denial of service and the
disguise of an subsequent attack, which would otherwise be logged.
The old stable distribution (sarge) is not affected.
For the stable distribution (etch), this problem has been fixed in
version 2.0.0-1etch1.
For the unstable distribution (sid), this problem has been fixed in
version 2.0.6-1.
We recommend that you upgrade your syslog-ng package.
References
Related
nessus
nessus
Fedora 8 : syslog-ng-2.0.7-1.fc8 (2008-0523)
2008-01-21 00:00:00
GLSA-200712-19 : Syslog-ng: Denial of Service
2007-12-31 00:00:00
Debian DSA-1464-1 : syslog-ng - NULL pointer dereference
2008-01-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-19 (syslog-ng)
2008-09-24 00:00:00
Debian Security Advisory DSA 1464-1 (syslog-ng)
2008-01-31 00:00:00
Gentoo Security Advisory GLSA 200712-19 (syslog-ng)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2007-6437
2007-12-19 00:00:00
prion
prion
Null pointer dereference
2007-12-19 21:46:00
cvelist
cvelist
CVE-2007-6437
2007-12-19 21:00:00
gentoo
gentoo
Syslog-ng: Denial of service
2007-12-29 00:00:00
debian
debian
[SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service
2008-01-15 23:47:39
debiancve
debiancve
CVE-2007-6437
2007-12-19 21:46:00
cve
cve
CVE-2007-6437
2007-12-19 21:46:00
fedora
fedora
[SECURITY] Fedora 7 Update: syslog-ng-2.0.7-1.fc7
2008-01-18 23:56:40
[SECURITY] Fedora 8 Update: syslog-ng-2.0.7-1.fc8
2008-01-18 23:56:16
nvd
nvd
CVE-2007-6437
2007-12-19 21:46:00