2012-09-26 01:55:01 2012-09-26 06:00:00

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Vector: LOCAL
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Rsyslog Rsyslog 5.1.3 (not an official CPE)
Rsyslog Rsyslog 5.1.2 (not an official CPE)
Rsyslog Rsyslog 5.1.1 (not an official CPE)
Rsyslog Rsyslog 5.1.0 (not an official CPE)
Rsyslog Rsyslog 6.1.0 (not an official CPE)
Rsyslog Rsyslog 6.1.2 (not an official CPE)
Rsyslog Rsyslog 6.1.1 (not an official CPE)
Rsyslog Rsyslog 4.1.0 (not an official CPE)
Rsyslog Rsyslog 4.1.1 (not an official CPE)
Rsyslog Rsyslog 4.1.2 (not an official CPE)
Rsyslog Rsyslog 4.1.3 (not an official CPE)
Rsyslog Rsyslog 4.1.4 (not an official CPE)
Rsyslog Rsyslog 4.1.6 (not an official CPE)
Rsyslog Rsyslog 4.1.5 (not an official CPE)
Rsyslog Rsyslog 6.1.3 (not an official CPE)
Rsyslog Rsyslog 5.7.1 (not an official CPE)
Rsyslog Rsyslog 5.7.0 (not an official CPE)
Rsyslog Rsyslog 5.7.3 (not an official CPE)
Rsyslog Rsyslog 5.7.2 (not an official CPE)
Rsyslog Rsyslog 5.1.4 (not an official CPE)
Rsyslog Rsyslog 5.1.5 (not an official CPE)
Rsyslog Rsyslog 4.6.0 (not an official CPE)
Rsyslog Rsyslog 4.6.1 (not an official CPE)
Rsyslog Rsyslog 5.5.3 (not an official CPE)
Rsyslog Rsyslog 5.3.4 (not an official CPE)
Rsyslog Rsyslog 5.5.2 (not an official CPE)
Rsyslog Rsyslog 5.3.5 (not an official CPE)
Rsyslog Rsyslog 5.5.5 (not an official CPE)
Rsyslog Rsyslog 5.3.6 (not an official CPE)
Rsyslog Rsyslog 5.5.4 (not an official CPE)
Rsyslog Rsyslog 5.3.7 (not an official CPE)
Rsyslog Rsyslog 5.4.0 (not an official CPE)
Rsyslog Rsyslog 5.5.7 (not an official CPE)
Rsyslog Rsyslog 5.5.6 (not an official CPE)
Rsyslog Rsyslog 5.6.4 (not an official CPE)
Rsyslog Rsyslog 5.6.3 (not an official CPE)
Rsyslog Rsyslog 4.5.0 (not an official CPE)
Rsyslog Rsyslog 5.6.5 (not an official CPE)
Rsyslog Rsyslog 5.3.2 (not an official CPE)
Rsyslog Rsyslog 5.3.3 (not an official CPE)
Rsyslog Rsyslog 5.6.2 (not an official CPE)
Rsyslog Rsyslog 5.6.1 (not an official CPE)
Rsyslog Rsyslog 5.3.1 (not an official CPE)
Rsyslog Rsyslog 4.5.2 (not an official CPE)
Rsyslog Rsyslog 4.5.1 (not an official CPE)
Rsyslog Rsyslog 4.5.4 (not an official CPE)
Rsyslog Rsyslog 4.5.3 (not an official CPE)
Rsyslog Rsyslog 5.4.2 (not an official CPE)
Rsyslog Rsyslog 5.4.1 (not an official CPE)
Rsyslog Rsyslog 4.5.8 (not an official CPE)
Rsyslog Rsyslog 4.5.7 (not an official CPE)
Rsyslog Rsyslog 4.5.6 (not an official CPE)
Rsyslog Rsyslog 4.5.5 (not an official CPE)
Rsyslog Rsyslog 4.2.0 (not an official CPE)
Rsyslog Rsyslog 4.1.7 (not an official CPE)
Rsyslog Rsyslog 4.3.1 (not an official CPE)
Rsyslog Rsyslog 5.1.6 (not an official CPE)
Rsyslog Rsyslog 4.3.2 (not an official CPE)
Rsyslog Rsyslog 4.3.0 (not an official CPE)
Rsyslog Rsyslog 5.6.0 (not an official CPE)
Rsyslog Rsyslog 5.5.1 (not an official CPE)
Rsyslog Rsyslog 5.5.0 (not an official CPE)
Rsyslog Rsyslog 4.4.0 (not an official CPE)
Rsyslog Rsyslog 4.4.1 (not an official CPE)
Rsyslog Rsyslog 4.4.2 (not an official CPE)
Rsyslog Rsyslog 5.2.0 (not an official CPE)
Rsyslog Rsyslog 5.2.2 (not an official CPE)
Rsyslog Rsyslog 5.2.1 (not an official CPE)
Rsyslog Rsyslog 4.6.5 (not an official CPE)
Rsyslog Rsyslog 4.6.4 (not an official CPE)
Rsyslog Rsyslog 4.6.3 (not an official CPE)
Rsyslog Rsyslog 4.6.2 (not an official CPE)