Vulnerability CVE-2011-1489
Published: 2019-11-14

Description:
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.

Type:

CWE-772

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Rsyslog -> Rsyslog 
Opensuse -> Opensuse 
Debian -> Debian linux 

 References:
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
https://access.redhat.com/security/cve/cve-2011-1489
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
https://security-tracker.debian.org/tracker/CVE-2011-1489
Copyright 2024, cxsecurity.com

 

Back to Top