Vulnerability CVE-2011-1490


Published: 2019-11-14

Description:
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset

Type:

CWE-772

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Rsyslog -> Rsyslog 
Opensuse -> Opensuse 
Debian -> Debian linux 

 References:
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
https://access.redhat.com/security/cve/cve-2011-1490
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
https://security-tracker.debian.org/tracker/CVE-2011-1490

Copyright 2024, cxsecurity.com

 

Back to Top