Launchpad.net

CVE 2007-6437

Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.

Related bugs and status

CVE-2007-6437 (Candidate) is related to these bugs:

Bug #183389: [SECURITY] CVE-2007-6437 prone to denial of service attack

		In	Importance	Status
183389	[SECURITY] CVE-2007-6437 prone to denial of service attack	syslog-ng (Ubuntu)	Undecided	Fix Released
183389	[SECURITY] CVE-2007-6437 prone to denial of service attack	syslog-ng (Ubuntu Gutsy)	High	Fix Released
183389	[SECURITY] CVE-2007-6437 prone to denial of service attack	syslog-ng (Ubuntu Feisty)	High	Fix Released
183389	[SECURITY] CVE-2007-6437 prone to denial of service attack	syslog-ng (Ubuntu Edgy)	High	Fix Released
183389	[SECURITY] CVE-2007-6437 prone to denial of service attack	syslog-ng (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20071217 ZSA-2007-029:...
SECTRACK: 1019105
SECUNIA: 28118
GENTOO: GLSA-200712-19
BID: 26897
SECUNIA: 28279
DEBIAN: DSA-1464
SECUNIA: 28483
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2008-0523
FEDORA: FEDORA-2008-0559
SECUNIA: 28372
OSVDB: 39551
VUPEN: ADV-2007-4257
XF: syslogng-timestamp-dos...
BUGTRAQ: 20071217 Re: [syslog-n...