CVE-2006-0743 Security vulnerability in LocalSyslogAppender
-----------------------------------------------------------
Key: LOG4NET-67
URL: http://issues.apache.org/jira/browse/LOG4NET-67
Project: Log4net
Type: Bug
Components: Appenders
Versions: 1.2.9
Reporter: Nicko Cadell
Assigned to: Nicko Cadell
Priority: Critical
Fix For: 1.2.10
Reported by Sebastian Krahmer to [EMAIL PROTECTED]
Logged as CVE-2006-0743
The LocalSyslogAppender contains a vulnerability which could lead to memory
corruption within the runtime process. This is likely to cause the application
using the LocalSyslogAppender to terminate unexpectedly. In addition to a
deliberate denial of service attack, this fault may be caused by logging
legitimate data; therefore the LocalSyslogAppender must not be used, even within
secured environments.
Current users of the LocalSyslogAppender (from the log4net 1.2.9 release)
should update their logging configuration to remove references to the
LocalSyslogAppender. Alternatively, users can build a new version of the log4net
assembly from the head of the source code repository where this fault has been
fixed.
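
Removing the appender from a configuration means removing both its definition and every appender-ref that points to it. The Python script below is an added example, not part of the original advisory or of log4net; the sample configuration and the function name find_local_syslog_usage are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AFFECTED_TYPE = "log4net.Appender.LocalSyslogAppender"

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONFIG = """<configuration>
  <log4net>
    <appender name="Syslog" type="log4net.Appender.LocalSyslogAppender, log4net">
      <layout type="log4net.Layout.PatternLayout" />
    </appender>
    <appender name="File" type="log4net.Appender.FileAppender">
      <file value="app.log" />
    </appender>
    <root>
      <level value="INFO" />
      <appender-ref ref="Syslog" />
      <appender-ref ref="File" />
    </root>
    <logger name="Billing">
      <appender-ref ref="Syslog" />
    </logger>
  </log4net>
</configuration>"""


def find_local_syslog_usage(config_xml):
    """Return (names of affected appenders, elements that reference them)."""
    root = ET.fromstring(config_xml)
    affected = set()
    for appender in root.iter("appender"):
        # The type attribute may carry an assembly suffix: "Type, Assembly".
        type_name = appender.get("type", "").split(",")[0].strip()
        if type_name.lower() == AFFECTED_TYPE.lower() and appender.get("name"):
            affected.add(appender.get("name"))
    referencing = []
    # appender-ref can sit under <root>, <logger>, or a forwarding <appender>.
    for parent in root.iter():
        for ref in parent.findall("appender-ref"):
            if ref.get("ref") in affected:
                name = parent.get("name")
                referencing.append(f"{parent.tag}:{name}" if name else parent.tag)
    return sorted(affected), referencing


if __name__ == "__main__":
    names, refs = find_local_syslog_usage(SAMPLE_CONFIG)
    print("LocalSyslogAppender definitions to remove:", names)
    print("Elements with appender-ref entries to remove:", refs)
```
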