23905 : Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
Printer | http://osvdb.org/23905 | Email This | Edit Vulnerability

Views This Week

Views All Time

179

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

Mar 07, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Keywords

No Keywords

Description

Apache Log4net contains a flaw that may allow a remote denial of service. The issue is triggered due to an unspecified format string error in LocalSyslogAppender which may corrupt system memory resulting in loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.2.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apache Software Foundation	log4net	1.2.9
		1.2.10

References

Bugtraq ID: 17095
Secunia Advisory ID: 19241 22932
CVE ID: 2006-0743 (see also: NVD)
ISS X-Force ID: 25196
FrSIRT Advisory: ADV-2006-0955
Mail List Post: http://attrition.org/pipermail/vim/2006-March/000614.html
Vendor Specific News/Changelog Entry: http://issues.apache.org/jira/browse/LOG4NET-67
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html

Tools & Filters

Nessus	27343

Credit

Sebastian Krahmer - krahmersuse.de - SuSE

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

Apache Software Foundation

log4net

References

Tools & Filters

Credit

Blogs

Comments