Test ID:	1.3.6.1.4.1.25623.1.0.51553
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:547
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2002:547. syslog-ng[1] is a syslog replacement with several enhancements and new features. syslog-ng has a buffer overflow vulnerability[4] that could be exploited by remote attackers if certain conditions are met. The vulnerability lies in the code which deals with macro expansion in the syslog-ng.conf configuration file. For example, one common configuration which uses macros could be the following: destination d_messages_by_host {file(/var/log/$HOST/messages) } This configuration would replace the $HOST part with the hostname of the machine sending the log. When dealing with this expansion, syslog-ng fails to account for characters which are not part of the macro, which leads to incorrect bounds checking and a possible buffer overflow if there are enough non-macro characters being used. Only users who use some sort of macro expansion in the configuration file are vulnerable to this problem. This is not the default configuration of the package. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:547 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.