[MBT] new ticket for pkg syslog-ng "buffer overflow"
bugs at pld.org.pl
bugs at pld.org.pl
Mon Jan 27 15:53:26 CET 2003
Date: 2003-01-27 15:53:26+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: buffer overflow
Ticket ID: #545
Ticket URL: http://bugs.pld.org.pl/?bug=545
Package: syslog-ng-1.4.15-8
Distribution: PLD-Ra.main
Category: security problem
Current state: opened
Text:
There is a mention about a security problem but no details are given so I don't know if this is fixed or not.
DSA 175-1:
P?ter H?ltzl discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded a static length buffer is used accompanied by a counter. However, when constant chharacters are appended, the counter is not updated properly, leading to incorrect boundary checking. An attacker may be able to use specially crafted log messages inserted via UDP which overflows the buffer.
More information about the pld-bugs
mailing list