Denial of Service Flaw in Balabit Syslog-NG Supported by Template Filenames
CVE-2002-1200

Currently unrated

Key Information:

Vendor

Oneidentity

Status
Syslog-ng
Vendor
CVE Published:
28 October 2002

What is CVE-2002-1200?

Balabit Syslog-NG versions prior to 1.4.15 in the 1.4.x series and prior to 1.5.20 in the 1.5.x series exhibit a vulnerability when utilizing template filenames or outputs. This flaw stems from the software's failure to properly manage buffer sizes during macro expansions, which can be exploited by remote attackers. As a result, these attackers could initiate a denial of service or potentially execute arbitrary code on the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
x_refsource_CONFIRM
http://www.securityfocus.com/bid/5934
vdb-entryx_refsource_BID
http://www.linuxsecurity.com/advisories/other_advisory-25...
vendor-advisoryx_refsource_ENGARDE

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.