You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4net-dev@logging.apache.org by "Nicko Cadell (JIRA)" <ji...@apache.org> on 2006/03/07 17:50:39 UTC
[jira] Resolved: (LOG4NET-67) CVE-2006-0743 Security vulnerability
in LocalSyslogAppender
[ http://issues.apache.org/jira/browse/LOG4NET-67?page=all ]
Nicko Cadell resolved LOG4NET-67:
---------------------------------
Resolution: Fixed
Fix checked in
> CVE-2006-0743 Security vulnerability in LocalSyslogAppender
> -----------------------------------------------------------
>
> Key: LOG4NET-67
> URL: http://issues.apache.org/jira/browse/LOG4NET-67
> Project: Log4net
> Type: Bug
> Components: Appenders
> Versions: 1.2.9
> Reporter: Nicko Cadell
> Assignee: Nicko Cadell
> Priority: Critical
> Fix For: 1.2.10
>
> Reported by Sebastian Krahmer to security@apache.org
> Logged as CVE-2006-0743
> The LocalSyslogAppender contains a vulnerability which could lead to memory corruption within the runtime process. This is likely to cause the application using the LocalSyslogAppender to terminate unexpectedly. In addition to a deliberate denial of service attack this fault may be caused by logging legitimate data therefore the LocalSyslogAppender must not be used even within secured environments.
> Current users of the LocalSyslogAppender (from the log4net 1.2.9 release) should update their logging configuration to remove references to the LocalSyslogAppender. Alternatively users can build a new version of the log4net assembly from the head of the source code repository where this fault has been fixed.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira