Critical Description
Reported by Sebastian Krahmer to security@apache.org
Logged as CVE-2006-0743
The LocalSyslogAppender contains a vulnerability which could lead to memory corruption within the runtime process. This is likely to cause the application using the LocalSyslogAppender to terminate unexpectedly. In addition to a deliberate denial of service attack this fault may be caused by logging legitimate data therefore the LocalSyslogAppender must not be used even within secured environments.
Current users of the LocalSyslogAppender (from the log4net 1.2.9 release) should update their logging configuration to remove references to the LocalSyslogAppender. Alternatively users can build a new version of the log4net assembly from the head of the source code repository where this fault has been fixed.