Memory leak in rsyslog - CVE-2011-1490
Published: November 14, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30621
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1490
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: rsyslog.com
Affected software:
rsyslog
rsyslog
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. A remote attacker can perform a denial of service attack.
How to mitigate CVE-2011-1490
Update to version 5.7.6.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
- https://access.redhat.com/security/cve/cve-2011-1490
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490
- https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
- https://security-tracker.debian.org/tracker/CVE-2011-1490