[rsyslog] security issue in rsyslog

Rainer Gerhards rgerhards at hq.adiscon.com
Mon Dec 1 11:26:56 CET 2008


Version v2-stable is NOT vulnerable.

Rainer

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com
> [mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Monday, December 01, 2008 10:55 AM
> To: rsyslog-users
> Subject: [rsyslog] security issue in rsyslog
> 
> Hi folks,
> 
> thanks to a bug report, I found out that the $AllowedSender directive
> does not work in all releases. The bug in question is:
> 
> http://bugzilla.adiscon.com/show_bug.cgi?id=111
> 
> I am currently working on the bug. Obviously, this can lead to messages
> being received from systems that are not permitted to do so. As a
> work-around, proper firewalling should be set up on the vulnerable hosts.
> Until further notice, I would assume that all versions of rsyslog are
> affected (I will provide more detail during my analysis).
> 
> Thanks,
> Rainer


