[rsyslog] security issue in rsyslog
Rainer Gerhards
rgerhards at hq.adiscon.com
Mon Dec 1 10:55:12 CET 2008
Hi folks,
thanks to a bug report, I found out that the $AllowedSender directive
does not work in all releases. The bug in question is:
http://bugzilla.adiscon.com/show_bug.cgi?id=111
I am currently working on the bug. Obviously, this can lead to messages
being received from systems that are not permitted to do so. As a work-around,
proper firewalling should be set up on the vulnerable hosts. Until
further notice, I would assume that all versions of rsyslog are affected
(I will provide more detail during my analysis).
Thanks,
Rainer
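
One way to apply the firewalling work-around mentioned above, as an added example that is not part of the original message: the hypothetical helper `allowedsender_to_iptables` reads an rsyslog configuration and prints, without applying them, iptables rules that mirror its `$AllowedSender` lines. It assumes the documented `$AllowedSender <proto>, <sender>, ...` form, a listener on port 514 and the INPUT chain; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: print (not run) iptables rules mirroring $AllowedSender lines.
# Assumption: the syslog listener uses port 514; pass another port as $1.
allowedsender_to_iptables() {
    port="${1:-514}"
    seen=""
    while IFS= read -r line; do
        case "$line" in
            '$AllowedSender'*) ;;
            *) continue ;;
        esac
        # Drop the directive name; first comma field is the protocol.
        rest=$(printf '%s\n' "$line" | sed 's/^\$AllowedSender[[:space:]]*//')
        proto=$(printf '%s\n' "$rest" | cut -d, -f1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
        case "$proto" in udp|tcp) ;; *) continue ;; esac
        case " $seen " in *" $proto "*) ;; *) seen="$seen $proto" ;; esac
        # Remaining fields are senders; only IPv4 addresses/CIDRs are converted.
        printf '%s\n' "$rest" | cut -s -d, -f2- | tr ',' '\n' | tr -d ' \t' |
        while IFS= read -r src; do
            [ -n "$src" ] || continue
            if printf '%s\n' "$src" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
                echo "iptables -A INPUT -p $proto --dport $port -s $src -j ACCEPT"
            else
                echo "# skipped $src: hostname or IPv6 entry, add by hand"
            fi
        done
    done
    # Default-deny everything else on the syslog port, once per protocol seen.
    for proto in $seen; do
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Constructed sample configuration (not from the original post).
sample_conf() {
    cat <<'EOF'
$ModLoad imudp
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24, *.example.net
$AllowedSender TCP, 198.51.100.7
EOF
}

sample_conf | allowedsender_to_iptables
```

Wildcard hostname entries have no static packet-filter equivalent, so they are reported as skipped and need to be resolved to addresses by hand before the DROP rules go in.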