CVE-2002-1200 - OpenCVE

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oneidentity	Syslog-ng

Configuration 1 [-]

OR	cpe:2.3:a:oneidentity:syslog-ng:1.4.0:rc3::::::
	cpe:2.3:a:oneidentity:syslog-ng:1.4.7:::::::*
	cpe:2.3:a:oneidentity:syslog-ng:1.4.8:::::::*
	cpe:2.3:a:oneidentity:syslog-ng:1.4.9:::::::*
	cpe:2.3:a:oneidentity:syslog-ng:1.4.10:::::::*
	cpe:2.3:a:oneidentity:syslog-ng:1.4.15:::::::*
	cpe:2.3:a:oneidentity:syslog-ng:1.5.15:::::::*
	cpe:2.3:a:oneidentity:syslog-ng:1.5.20:::::::*

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547	Broken Link
http://marc.info/?l=bugtraq&m=103426595021928&w=2	Third Party Advisory
http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt	Exploit Patch Vendor Advisory
http://www.debian.org/security/2002/dsa-175	Patch Third Party Advisory
http://www.iss.net/security_center/static/10339.php	Third Party Advisory
http://www.linuxsecurity.com/advisories/other_advisory-2513.html	Third Party Advisory
http://www.novell.com/linux/security/advisories/2002_039_syslog_ng.html	Third Party Advisory
http://www.securityfocus.com/bid/5934	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2002-10-21T09:00:00

Reserved: 2002-10-11T00:00:00

Link: CVE-2002-1200

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-10-28T05:00:00.000

Modified: 2020-05-19T19:33:31.377

Link: CVE-2002-1200

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-10-21T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt"}, {"name": "5934", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5934"}, {"name": "ESA-20021029-028", "tags": ["vendor-advisory", "x_refsource_ENGARDE"], "url": "http://www.linuxsecurity.com/advisories/other_advisory-2513.html"}, {"name": "syslogng-macro-expansion-bo(10339)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10339.php"}, {"name": "SuSE-SA:2002:039", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2002_039_syslog_ng.html"}, {"name": "CLA-2002:547", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547"}, {"name": "20021010 syslog-ng buffer overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103426595021928&w=2"}, {"name": "DSA-175", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-175"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1200", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt", "refsource": "CONFIRM", "url": "http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt"}, {"name": "5934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5934"}, {"name": "ESA-20021029-028", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/other_advisory-2513.html"}, {"name": "syslogng-macro-expansion-bo(10339)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10339.php"}, {"name": "SuSE-SA:2002:039", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2002_039_syslog_ng.html"}, {"name": "CLA-2002:547", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547"}, {"name": "20021010 syslog-ng buffer overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103426595021928&w=2"}, {"name": "DSA-175", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-175"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1200", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-10-11T00:00:00", "dateUpdated": "2002-10-21T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2FB78B77-64B2-4BDB-A323-A68703C6A7A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "B622DC01-D651-429B-B976-467596DE791F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "788D220F-2CAD-4E16-8853-9F45AC97A2EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "F387EC59-F86A-461C-894E-1A09D186D93B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "E1041037-D106-4D19-AC72-39594E4CBB55", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "55321D71-D819-4767-991A-ECB084BB6531", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "F8E1C408-AE21-4ABF-9061-E1B82C178ED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oneidentity:syslog-ng:1.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "AC636B75-7F1B-4165-A8C8-697295CE856E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code."}, {"lang": "es", "value": "Balabit Syslog-NG 1.4.x antes de 1.4.15, y 1.4.x antes de 1.5.20, cuando se usan plantillas de nombres de fichero o de salida, no controla adecuadamente el tama\u00f1o de un b\u00fafer cuando se encuentran caracteres constantes durante una expansi\u00f3n de macro, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2002-1200", "lastModified": "2020-05-19T19:33:31.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-10-28T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=103426595021928&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.debian.org/security/2002/dsa-175"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.iss.net/security_center/static/10339.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.linuxsecurity.com/advisories/other_advisory-2513.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.novell.com/linux/security/advisories/2002_039_syslog_ng.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/5934"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}