Ubuntu 11.04 : rsyslog vulnerability (USN-1338-1)
Low Nessus Plugin ID 57662
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionPeter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected rsyslog package.