SQL Injection Vulnerability in rsyslogd
An SQL injection vulnerability was found in all rsyslog releases prior to the ones announced on 2005-09-23. An attacker can send a specially crafted syslog message to rsyslogd and potentially take...
$AllowedSender not honored
A primitive way of access control is offered in rsyslog via the $AllowedSender configuration directive. It permits the operator to specify hosts from which messages are being accepted. If the directive...
Potential DoS with malformed TAG
If a malformed, severely too long TAG is used in legacy (RFC3164) syslog messages, rsyslog can abort based on the conditions described in this security advisory. CVE: CVE-2011-3200 Affected Stable...
remote syslog PRI vulnerability – CVE: CVE-2014-3634
CVE: CVE-2014-3634. Status of this report: FINAL. Reporter: Rainer Gerhards, rsyslog project lead. Affected: rsyslog, most probably all versions (checked...
remote syslog PRI vulnerability – CVE: CVE-2014-3683
remote syslog PRI vulnerability. CVE: CVE-2014-3683. Status of this report: FINAL. Updated 2014-10-06: effect on sysklogd milder than in initial assessment. Reporter...
librelp stack buffer overflow vulnerability (CVE-2018-1000140)
On Monday March 19th, 2018, the librelp development team was informed by the security team at lgtm.com (Semmle) about a critical security vulnerability in librelp. The vulnerability is a long-standing...