Vulnerability CVE-2011-1951

Vulnerability Name:

CVE-2011-1951 (CCN-67404)

Assigned:

2011-05-11

Published:

2011-05-11

Updated:

2023-02-13

Summary:

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2011-1951

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: SA44527
syslog-ng PCRE Denial of Service Vulnerability

Source: CCN
Type: BalaBit Web site
syslog-ng

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 73736
syslog-ng lib/logmatcher.c PCRE Global Flag Remote DoS

Source: CCN
Type: BID-47800
BalaBit IT Security syslog-ng PCRE Denial of Service Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
syslogng-pcre-dos(67404)

Source: CCN
Type: devel at balabit.hu
syslog-ng 3.2.4 has been released

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:balabit:syslog-ng:3.2::open_source:*:*:*:*:*

OR cpe:/a:balabit:syslog-ng:3.2.3::open_source:*:*:*:*:*

OR cpe:/a:balabit:syslog-ng:3.2.2::open_source:*:*:*:*:*

OR cpe:/a:balabit:syslog-ng:3.2.1::open_source:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7709	P	libzmq5-4.2.3-3.15.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7731	P	pam_krb5-2.4.13-1.36 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:20111951	V	CVE-2011-1951	2022-06-30
oval:org.opensuse.security:def:113474	P	syslog-ng-3.8.1-2.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:7007	P	Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP1) (Important)	2021-12-14
oval:org.opensuse.security:def:106871	P	syslog-ng-3.8.1-2.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:6907	P	Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) (Important)	2021-06-18
oval:org.opensuse.security:def:36539	P	popt-devel-1.7-37.63.64.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36497	P	libtunepimp-0.5.3-126.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46360	P	syslog-ng-3.4.5-3.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:13240	P	syslog-ng-3.4.5-3.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:6888	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP1) (Important)	2021-04-28
oval:org.opensuse.security:def:7071	P	Security update for the Linux Kernel (Important)	2021-04-16
oval:org.opensuse.security:def:7058	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP2) (Important)	2021-04-07
oval:org.opensuse.security:def:6873	P	Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP1) (Important)	2021-04-07
oval:org.opensuse.security:def:6982	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1) (Important)	2021-02-10
oval:org.opensuse.security:def:7049	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:35640	P	sudo-1.6.9p17-21.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35748	P	libgnomesu-1.0.0-307.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35815	P	qt3-3.3.8b-88.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35699	P	freeradius-server-2.1.1-7.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35787	P	mutt-1.5.17-42.33.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35859	P	aaa_base-11-6.90.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:7040	P	libgcrypt20 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35390	P	Security update for openldap2	2020-12-01
oval:org.opensuse.security:def:6780	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35001	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:35096	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:35333	P	Security update for mono-core (Moderate)	2020-12-01
oval:org.opensuse.security:def:6758	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35480	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:6826	P	python-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6750	P	libraptor2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35012	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35232	P	Security update for MySQL	2020-12-01
oval:org.opensuse.security:def:35000	P	Recommended update for glibc (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20111951000	V	CVE-2011-1951 on Ubuntu 12.04 LTS (precise) - low.	2011-07-11

BACK