Memory leak in rsyslog - CVE-2011-1489
Published: November 14, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30620
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1489
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: rsyslog.com
Affected software:
rsyslog
rsyslog
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. A remote attacker can perform a denial of service attack.
How to mitigate CVE-2011-1489
Update to version 5.7.6.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
- https://access.redhat.com/security/cve/cve-2011-1489
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489
- https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
- https://security-tracker.debian.org/tracker/CVE-2011-1489