ID CVE-2011-1951
Summary lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.
References
Vulnerable Configurations
  • cpe:2.3:a:balabit:syslog-ng:3.2.3:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.2.3:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.2.2:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.2.2:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.2.1:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.2.1:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.2:beta1:open_source
    cpe:2.3:a:balabit:syslog-ng:3.2:beta1:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.2:alpha1:open_source
    cpe:2.3:a:balabit:syslog-ng:3.2:alpha1:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.2:alpha2:open_source
    cpe:2.3:a:balabit:syslog-ng:3.2:alpha2:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1:beta1:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1:beta1:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1:beta2:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1:beta2:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1.4:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1.4:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1.3:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1.3:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1.2:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1.2:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1.1:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1.1:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.1.0:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.1.0:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.9:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.9:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.8:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.8:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.7:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.7:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.6:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.6:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.5:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.5:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.4:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.4:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.3:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.3:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.2:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.2:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.1:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.1:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0.10:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0.10:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:3.0:-:open_source
    cpe:2.3:a:balabit:syslog-ng:3.0:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:2.1.4:-:open_source
    cpe:2.3:a:balabit:syslog-ng:2.1.4:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:2.1.3:-:open_source
    cpe:2.3:a:balabit:syslog-ng:2.1.3:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:2.1:-:open_source
    cpe:2.3:a:balabit:syslog-ng:2.1:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:2.0.10:-:open_source
    cpe:2.3:a:balabit:syslog-ng:2.0.10:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:2.0:-:open_source
    cpe:2.3:a:balabit:syslog-ng:2.0:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.9:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.9:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.5:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.5:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.4:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.4:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.3:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.3:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.6:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.6:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.2:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.2:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.1:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.1:-:open_source
  • cpe:2.3:a:balabit:syslog-ng:1.0:-:open_source
    cpe:2.3:a:balabit:syslog-ng:1.0:-:open_source
  • PCRE 8.12
    cpe:2.3:a:pcre:pcre:8.12
CVSS
Base: 4.3 (as of 12-07-2011 - 09:51)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8405.NASL
    description Patch for CVE-2011-1951 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 55462
    published 2011-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55462
    title Fedora 14 : syslog-ng-3.1.4-4.fc14 (2011-8405)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM2 GnuCash xine-lib Last.fm Scrobbler WebKitGTK+ shadow tool suite PEAR unixODBC Resource Agents mrouted rsync XML Security Library xrdb Vino OProfile syslog-ng sFlow Toolkit GNOME Display Manager libsoup CA Certificates Gitolite QtCreator Racer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2017-04-15
    plugin id 79962
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79962
    title GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
refmap via4
bid 47800
confirm http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
fedora FEDORA-2011-8405
misc https://bugzilla.redhat.com/show_bug.cgi?id=709088
mlist [oss-security] 20110526 CVE Request -- syslog-ng -- Possible DoS
secunia 45122
Last major update 12-07-2011 - 00:00
Published 11-07-2011 - 16:55
Back to Top