Test Kennung:	1.3.6.1.4.1.25623.1.0.51553
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:547
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:547. syslog-ng[1] is a syslog replacement with several enhancements and new features. syslog-ng has a buffer overflow vulnerability[4] that could be exploited by remote attackers if certain conditions are met. The vulnerability lies in the code which deals with macro expansion in the syslog-ng.conf configuration file. For example, one common configuration which uses macros could be the following: destination d_messages_by_host {file(/var/log/$HOST/messages) } This configuration would replace the $HOST part with the hostname of the machine sending the log. When dealing with this expansion, syslog-ng fails to account for characters which are not part of the macro, which leads to incorrect bounds checking and a possible buffer overflow if there are enough non-macro characters being used. Only users who use some sort of macro expansion in the configuration file are vulnerable to this problem. This is not the default configuration of the package. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:547 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.