An integer signedness error, leading to a heap-based buffer overflow, was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause a denial of service (rsyslogd daemon hang) via a specially crafted message to be logged.
Upstream bug report: [1] http://bugzilla.adiscon.com/show_bug.cgi?id=221
Upstream patch: [2] http://git.adiscon.com/?p=rsyslog.git;a=commit;h=6bad782f154b7f838c7371bf99c13f6dc4ec4101
Hi, thanks for reporting this. If I'm not mistaken, this bug affects <app-admin/rsyslog-5.7.4.
Note: none of the ebuilds currently in the tree are affected by this vulnerability.
Thanks, Ultrabug. Am I correct to think this was first fixed for stable users in =app-admin/rsyslog-5.8.5? GLSA Vote: yes.
Yes Tim, I indeed remember it that way, thanks.
Votes: YES. GLSA request filed.
CVE-2011-4623 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4623): Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
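The bug class named in the CVE text, shown as an added example that is not rsyslog's code and not part of this thread: a buffer-growth size computed in a variable too narrow for lengths above 64 KB, next to a hardened computation. The names `strbuf_t`, `new_size_narrow`, `new_size_checked`, `strbuf_append`, the 128-byte increment, and the 16-bit size variable are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ALLOC_INCREMENT 128u   /* assumed growth step */

/* Hypothetical growable string buffer (not rsyslog's cstr_t). */
typedef struct {
    unsigned char *buf;
    size_t cap;   /* bytes allocated */
    size_t len;   /* bytes in use */
} strbuf_t;

/* Flawed: the new size is held in a 16-bit variable, so any target above
 * 65535 wraps and the buffer ends up smaller than the data written to it. */
size_t new_size_narrow(size_t cap, size_t min_needed)
{
    unsigned short n = (unsigned short)
        (cap + (min_needed / ALLOC_INCREMENT + 1) * ALLOC_INCREMENT);
    return n;
}

/* Hardened: compute in size_t and reject wraparound. Returns 0 on overflow. */
size_t new_size_checked(size_t cap, size_t min_needed)
{
    size_t step = min_needed / ALLOC_INCREMENT + 1;
    if (step > SIZE_MAX / ALLOC_INCREMENT) return 0;
    step *= ALLOC_INCREMENT;
    if (step > SIZE_MAX - cap) return 0;
    return cap + step;
}

/* Append using the hardened growth. Returns 0 on success, -1 on failure. */
int strbuf_append(strbuf_t *s, const void *data, size_t n)
{
    if (n > SIZE_MAX - s->len) return -1;
    if (s->len + n > s->cap) {
        size_t want = new_size_checked(s->cap, s->len + n - s->cap);
        if (want == 0 || want < s->len + n) return -1;
        unsigned char *p = realloc(s->buf, want);
        if (p == NULL) return -1;
        s->buf = p; s->cap = want;
    }
    memcpy(s->buf + s->len, data, n);
    s->len += n;
    return 0;
}
```

The narrow variant is only evaluated for its return value here; no write is performed against the undersized result.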
This issue was resolved and addressed in GLSA 201412-35 at http://security.gentoo.org/glsa/glsa-201412-35.xml by GLSA coordinator Yury German (BlueKnight).