#VU30620 Memory leak in rsyslog - CVE-2011-1489
Published: November 14, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30620
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1489
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
rsyslog
rsyslog
Software vendor:
rsyslog.com
rsyslog.com
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. A remote attacker can perform a denial of service attack.
Remediation
Update to version 5.7.6.
External links
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
- https://access.redhat.com/security/cve/cve-2011-1489
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489
- https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
- https://security-tracker.debian.org/tracker/CVE-2011-1489