Key: LOG4NET-67
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Critical
Assignee: Nicko Cadell
Reporter: Nicko Cadell
Votes: 0
Watchers: 0
Log4net

CVE-2006-0743 Security vulnerability in LocalSyslogAppender

Created: 08/Mar/06 12:48 AM   Updated: 08/Mar/06 12:50 AM
Component/s: Appenders
Affects Version/s: 1.2.9
Fix Version/s: 1.2.10

Time Tracking:
Not Specified

Resolution Date: 08/Mar/06 12:50 AM
Labels:


Description
Reported by Sebastian Krahmer to security@apache.org
Logged as CVE-2006-0743

The LocalSyslogAppender contains a vulnerability which could lead to memory corruption within the runtime process. This is likely to cause the application using the LocalSyslogAppender to terminate unexpectedly. In addition to a deliberate denial of service attack, this fault may be caused by logging legitimate data; therefore the LocalSyslogAppender must not be used even within secured environments.

Current users of the LocalSyslogAppender (from the log4net 1.2.9 release) should update their logging configuration to remove references to the LocalSyslogAppender. Alternatively, users can build a new version of the log4net assembly from the head of the source code repository where this fault has been fixed.
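Added example (not part of the issue or of log4net): a small audit script for the configuration change described above. It lists every appender declared with the LocalSyslogAppender type and every element that still references it through appender-ref. The sample configuration and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

VULNERABLE_TYPE = "log4net.Appender.LocalSyslogAppender"

# Constructed sample configuration (not taken from the issue).
SAMPLE_CONFIG = """\
<configuration>
  <log4net>
    <appender name="SyslogLocal" type="log4net.Appender.LocalSyslogAppender, log4net">
      <layout type="log4net.Layout.PatternLayout" />
    </appender>
    <appender name="File" type="log4net.Appender.FileAppender">
      <file value="app.log" />
    </appender>
    <appender name="Async" type="log4net.Appender.ForwardingAppender">
      <appender-ref ref="SyslogLocal" />
    </appender>
    <root>
      <appender-ref ref="File" />
      <appender-ref ref="Async" />
    </root>
    <logger name="Audit">
      <appender-ref ref="SyslogLocal" />
    </logger>
  </log4net>
</configuration>
"""

def type_name(attr):
    """Drop the optional ', assembly' suffix; lower-case so casing cannot hide a match."""
    return (attr or "").split(",", 1)[0].strip().lower()

def find_local_syslog_usage(config_xml):
    """Return (names of affected appenders, elements that reference them directly)."""
    root = ET.fromstring(config_xml)
    affected = sorted(a.get("name", "") for a in root.iter("appender")
                      if type_name(a.get("type")) == VULNERABLE_TYPE.lower())
    referrers = []
    for parent in root.iter():  # document order
        for ref in parent.findall("appender-ref"):
            if ref.get("ref") in affected:
                name = parent.get("name")
                referrers.append(parent.tag + (":" + name if name else ""))
    return affected, referrers

if __name__ == "__main__":
    appenders, referrers = find_local_syslog_usage(SAMPLE_CONFIG)
    print("appenders to remove:", appenders)
    print("references to remove:", referrers)
```

Both the appender declarations and the listed appender-ref entries need to go; a forwarding appender such as the constructed "Async" above can otherwise keep the affected appender in the logging path.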

Repository | Revision | Date | User | Message
ASF | #383927 | Tue Mar 07 16:50:07 UTC 2006 | nicko | Fix for LOG4NET-67. CVE-2006-0743 Security vulnerability in LocalSyslogAppender
Files Changed
MODIFY /logging/log4net/trunk/src/Appender/LocalSyslogAppender.cs

Nicko Cadell added a comment - 08/Mar/06 12:50 AM
Fix checked in

Nicko Cadell made changes - 08/Mar/06 12:50 AM
Field | Original Value | New Value
Resolution | | Fixed [ 1 ]
Status | Open [ 1 ] | Resolved [ 5 ]