An integer signedness error, leading to heap based buffer overflow was found in
the way the imfile module of rsyslog, an enhanced system logging and kernel
message trapping daemon, processed text files larger than 64 KB. When the
imfile rsyslog module was enabled, a local attacker could use this flaw to
cause denial of service (rsyslogd daemon hang) via specially-crafted message,
to be logged.
Upstream bug report:
Hi, thanks for reporting this.
If I'm not mistaken this bug affects <app-admin/rsyslog-5.7.4
Note: none of the currently in tree ebuilds are affected by this vulnerability.
Thanks, Ultrabug. Am I correct to think this was first fixed for stable users in =app-admin/rsyslog-5.8.5?
GLSA Vote: yes.
Yes Tim, I indeed remember it that way, thanks.
Votes: YES. GLSA request filed.
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in
the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x
before 6.1.4 allows local users to cause a denial of service (daemon hang)
via a large file, which triggers a heap-based buffer overflow.
This issue was resolved and addressed in
GLSA 201412-35 at http://security.gentoo.org/glsa/glsa-201412-35.xml
by GLSA coordinator Yury German (BlueKnight).