Mandriva Linux Security Advisory : rsyslog (MDVSA-2012:100)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability has been discovered and corrected in rsyslog :

An integer signedness error leading to a heap-based buffer overflow
was found in the way the imfile module of rsyslog, an enhanced system
logging and kernel message trapping daemon, processed text files
larger than 64 KB. When the imfile rsyslog module was enabled, a local
attacker could use this flaw to cause a denial of service (rsyslogd
daemon hang) via a specially crafted message to be logged
(CVE-2011-4623).

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 59710

Bugtraq ID: 51171

CVE ID: CVE-2011-4623
