Hi,
our syslogd is also vulnerable to rsyslog's CVE-2014-3634. The CVE is
about parsing the priority from network clients. The priority boundary
isn't properly checked, which could lead to out of bounds access later on.
sysklogd's commit message is pretty extensive, so have a read here:
On Sun, Oct 12, 2014 at 4:12 AM, Tobias Stoeckmann
tob...@stoeckmann.org wrote:
our syslogd is also vulnerable to rsyslog's CVE-2014-3634. The CVE is
about parsing the priority from network clients. The priority boundary
isn't properly checked, which could lead to out of bounds access later
On Sun, Oct 12, 2014 at 11:47:36AM -0700, Philip Guenther wrote:
Have you actually managed to make it crash? I've already committed a
check for this when this first came out, mapping out of bounds pri
values to LOG_USER, and at that time no one was able to crash the code
without the check...
On 2014/10/12 11:47, Philip Guenther wrote:
On Sun, Oct 12, 2014 at 4:12 AM, Tobias Stoeckmann
tob...@stoeckmann.org wrote:
our syslogd is also vulnerable to rsyslog's CVE-2014-3634. The CVE is
about parsing the priority from network clients. The priority boundary
isn't properly checked,
