Out-of-Bounds Affecting rsyslog-gssapi package, versions <0:4.6.2-3.el6_1.2
- Snyk ID SNYK-RHEL6-RSYSLOGGSSAPI-1430669
- published 26 Jul 2021
- disclosed 1 Sep 2011
Introduced: 1 Sep 2011
CVE-2011-3200
How to fix?
Upgrade RHEL:6 rsyslog-gssapi to version 0:4.6.2-3.el6_1.2 or higher.
This issue was patched in RHSA-2011:1247.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rsyslog-gssapi package and not the rsyslog-gssapi package as distributed by RHEL.
See How to fix? for RHEL:6 relevant fixed versions and status.
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.
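The bug class named in the description, shown from the defensive side as an added example (this is not rsyslog's code and not taken from the patch): a TAG extractor for a legacy syslog message that truncates an over-long TAG instead of writing past a fixed-size stack buffer. The function name `parse_tag`, the `TAG_MAX` size and the sample message are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define TAG_MAX 32 /* assumed buffer size for this example, not rsyslog's value */

/*
 * Copy the TAG (text up to the first ':' or space) of a legacy syslog
 * message into out[out_sz]; a terminating ':' is kept as part of the TAG.
 * Bytes that do not fit are skipped and *truncated is set, so the write
 * index can never pass out[out_sz - 1]. Returns input bytes consumed.
 */
size_t parse_tag(const char *msg, size_t len, char *out, size_t out_sz,
                 int *truncated)
{
    size_t in = 0, n = 0;

    *truncated = 0;
    if (out_sz == 0)
        return 0;
    while (in < len && msg[in] != ':' && msg[in] != ' ') {
        if (n + 2 < out_sz)      /* keep room for ':' and the NUL */
            out[n++] = msg[in];
        else
            *truncated = 1;
        in++;
    }
    if (in < len && msg[in] == ':') {
        if (n + 1 < out_sz)
            out[n++] = ':';
        in++;
    }
    out[n] = '\0';
    return in;
}

int main(void)
{
    /* Constructed input: a 100-byte TAG followed by ": text". */
    char msg[128], tag[TAG_MAX];
    int truncated;

    memset(msg, 'A', 100);
    strcpy(msg + 100, ": text");
    size_t used = parse_tag(msg, strlen(msg), tag, sizeof tag, &truncated);
    printf("consumed=%zu stored=%zu truncated=%d\n", used, strlen(tag), truncated);
    return 0;
}
```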
References
- http://www.securityfocus.com/bid/49413
- http://git.adiscon.com/?p=rsyslog.git;a=commit;h=1ca6cc236d1dabf1633238b873fb1c057e52f95e
- https://bugzilla.redhat.com/show_bug.cgi?id=727644
- http://www.rsyslog.com/potential-dos-with-malformed-tag/
- https://access.redhat.com/security/cve/CVE-2011-3200
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065837.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065941.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:134
- http://www.redhat.com/support/errata/RHSA-2011-1247.html
- https://access.redhat.com/errata/RHSA-2011:1247
- http://securitytracker.com/id?1026000
- http://secunia.com/advisories/45922
- http://secunia.com/advisories/46027
- http://lists.opensuse.org/opensuse-updates/2011-09/msg00013.html
- http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=1ca6cc236d1dabf1633238b873fb1c057e52f95e