Bug 426173 (CVE-2007-6437)

Summary: CVE-2007-6437 syslog-ng crash by message with invalid timestamp separator
Product: [Other] Security Response Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: pvrabec, silfreed
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://seclists.org/bugtraq/2007/Dec/0202.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-17 10:09:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 304121, 426305, 426306, 426307    
Bug Blocks:    

Description Lubomir Kundrak 2007-12-18 23:11:55 UTC 
From Secunia:

DESCRIPTION:
A vulnerability has been reported in syslog-ng, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the improper processing of
incoming timestamps. This can be exploited to trigger a NULL pointer
dereference via a specially crafted message containing a timestamp
without a terminating space character.

The vulnerability is reported in syslog-ng versions prior to 2.0.6

See URL for the original advisory and a patch.
http://seclists.org/bugtraq/2007/Dec/0202.html
http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
Comment 1 Lubomir Kundrak 2007-12-18 23:13:13 UTC 
Bump 2.0.6 would also fix the issue.
Comment 2 Lubomir Kundrak 2007-12-18 23:15:07 UTC 
CVE ID was requested
Comment 3 Douglas E. Warner 2007-12-19 00:10:53 UTC 
I'm working on getting 2.0.6 built in rawhide right now.
Comment 5 Fedora Update System 2008-01-11 22:21:22 UTC 
syslog-ng-2.0.7-1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update syslog-ng'
Comment 6 Fedora Update System 2008-01-11 22:25:04 UTC 
syslog-ng-2.0.7-1.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update syslog-ng'
Comment 7 Red Hat Product Security 2008-01-17 10:09:08 UTC 
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0559
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0523
Comment 8 Fedora Update System 2008-01-18 23:56:04 UTC 
syslog-ng-2.0.7-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-01-18 23:56:34 UTC 
syslog-ng-2.0.7-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.