Summary
The remote host is missing an update to syslog-ng
announced via advisory DSA 1464-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201464-1
Insight
Oriol Carreras discovered that syslog-ng, a next generation logging daemon, can be tricked into dereferencing a NULL pointer through malformed timestamps. This can lead to denial of service and to the disguise of a subsequent attack, which would otherwise be logged.
For the unstable distribution (sid), this problem has been fixed in version 2.0.6-1.
For the stable distribution (etch), this problem has been fixed in version 2.0.0-1etch1.
The old stable distribution (sarge) is not affected.
We recommend that you upgrade your syslog-ng package.
Severity
Classification
CVE: CVE-2007-6437
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P