[ http://issues.apache.org/jira/browse/LOG4NET-67?page=all ]
Nicko Cadell resolved LOG4NET-67:
---------------------------------
Resolution: Fixed
Fix checked in
> CVE-2006-0743 Security vulnerability in LocalSyslogAppender
> -----------------------------------------------------------
>
> Key: LOG4NET-67
> URL: http://issues.apache.org/jira/browse/LOG4NET-67
> Project: Log4net
> Type: Bug
> Components: Appenders
> Versions: 1.2.9
> Reporter: Nicko Cadell
> Assignee: Nicko Cadell
> Priority: Critical
> Fix For: 1.2.10
>
> Reported by Sebastian Krahmer to [EMAIL PROTECTED]
> Logged as CVE-2006-0743
> The LocalSyslogAppender contains a vulnerability which could lead to memory
> corruption within the runtime process. This is likely to cause the
> application using the LocalSyslogAppender to terminate unexpectedly. In
> addition to a deliberate denial of service attack this fault may be caused by
> logging legitimate data therefore the LocalSyslogAppender must not be used
> even within secured environments.
> Current users of the LocalSyslogAppender (from the log4net 1.2.9 release)
> should update their logging configuration to remove references to the
> LocalSyslogAppender. Alternatively users can build a new version of the
> log4net assembly from the head of the source code repository where this fault
> has been fixed.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
