CVE-2007-6437

Name of the Vulnerable Software and Affected Versions: Balabit syslog-ng versions 2.0.x through 2.0.5 Balabit syslog-ng versions 2.1.x through 2.1.7

Description: The issue allows remote attackers to cause a denial of service, leading to a crash, via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. This can lead to disruption of protected information availability. The exploitation of this issue can be done remotely.

Recommendations: For Balabit syslog-ng versions 2.0.x through 2.0.5, update to version 2.0.6 or later. For Balabit syslog-ng versions 2.1.x through 2.1.7, update to version 2.1.8 or later.