FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rsyslog -- remote syslog PRI vulnerability

Affected packages
rsyslog < 7.6.7
rsyslog8 < 8.4.2

Details

VuXML ID 8e0e86ff-48b5-11e4-ab80-000c29f6ae42
Discovery 2014-09-30
Entry 2014-09-30
Modified 2014-10-02

The rsyslog project reports:

potential abort when a message with PRI > 191 was processed if the "pri-text" property was used in active templates, this could be abused to a remote denial of service from permitted senders

The original fix for CVE-2014-3634 was not adequate.

References

CVE Name CVE-2014-3634
URL http://www.rsyslog.com/remote-syslog-pri-vulnerability/