Denial of Service Flaw in Balabit Syslog-NG Supported by Template Filenames
CVE-2002-1200

Currently unrated

Key Information:

Vendor: Oneidentity
Status: Syslog-ng
Vendor: CVE Published:; 28 October 2002

🔔 Create Oneidentity Vulnerability Alert

What is CVE-2002-1200?

Balabit Syslog-NG versions prior to 1.4.15 in the 1.4.x series and prior to 1.5.20 in the 1.5.x series exhibit a vulnerability when utilizing template filenames or outputs. This flaw stems from the software's failure to properly manage buffer sizes during macro expansions, which can be exploited by remote attackers. As a result, these attackers could initiate a denial of service or potentially execute arbitrary code on the affected system.

References

http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt

x_refsource_CONFIRM

http://www.securityfocus.com/bid/5934

vdb-entryx_refsource_BID

http://www.linuxsecurity.com/advisories/other_advisory-25...

vendor-advisoryx_refsource_ENGARDE

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2002
Vulnerability Reserved
Oct 11, 2002