NVD Vulnerability Detail

CVE-2011-1490

Summary	A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset
Publication Date	Nov. 14, 2019, 11:15 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:26 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:rsyslog:rsyslog::::::::					5.7.6

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.4:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html	Mailing List Third Party Advisory
2	https://access.redhat.com/security/cve/cve-2011-1490	Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490	Issue Tracking Third Party Advisory
4	https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a	Patch Third Party Advisory
5	https://security-tracker.debian.org/tracker/CVE-2011-1490	Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html	Mailing List Third Party Advisory
7	https://security-tracker.debian.org/tracker/CVE-2011-1490	Third Party Advisory
8	https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a	Patch Third Party Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490	Issue Tracking Third Party Advisory
10	https://access.redhat.com/security/cve/cve-2011-1490	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-772	有効なライフタイム後のリソースの解放の欠如	https://cwe.mitre.org/data/definitions/772.html

JVN Vulnerability Information

rsyslog における有効なライフタイム後のリソースの解放の欠如に関する脆弱性

Title	rsyslog における有効なライフタイム後のリソースの解放の欠如に関する脆弱性
Summary	rsyslog には、有効なライフタイム後のリソースの解放の欠如に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 25, 2011, midnight
Registration Date	Nov. 26, 2019, 5:26 p.m.
Last Update	Nov. 26, 2019, 5:26 p.m.

Affected System

Debian

Debian GNU/Linux

openSUSE project

openSUSE Leap

Adiscon

rsyslog 5.7.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1490	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1490
Debian Security Tracker
2	CVE-2011-1490	https://security-tracker.debian.org/tracker/CVE-2011-1490
National Vulnerability Database (NVD)
3	CVE-2011-1490	https://nvd.nist.gov/vuln/detail/CVE-2011-1490

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-772	https://cwe.mitre.org/data/definitions/772.html

ベンダー情報

No	Name	URL
GitHub
1	bugfix: fixed a memory leak and potential abort condition	https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
opensuse-security-announce
2	SUSE-SR:2011:007	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html

Change Log

No	Changed Details	Date of change
1	[2019年11月26日] 掲載	Nov. 26, 2019, 5:26 p.m.