Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.

Published

2019-11-14T02:15:10.797

Last Modified

2024-11-21T01:26:25.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-772

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rsyslog	rsyslog	< 5.7.6	Yes
Operating System	opensuse	opensuse	11.4	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html Mailing List, Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/cve-2011-1489 Exploit, Patch, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a Patch, Third Party Advisory ([email protected])
https://security-tracker.debian.org/tracker/CVE-2011-1489 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/cve-2011-1489 Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2011-1489 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)