Martin Osvald

#20715 of 53,635
12.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1

PT-2011-1135
5.0
2011-09-01
Rsyslog · Rsyslog · CVE-2011-3200

**Name of the Vulnerable Software and Affected Versions**

rsyslog versions 4.6.x through 4.6.7

rsyslog versions 5.2.0 through 5.8.4

**Description**

The issue is related to a stack-based buffer overflow in the `parseLegacySyslogMsg` function in `tools/syslogd.c` in `rsyslogd`. This might allow remote attackers to cause a denial of service (application exit) via a long `TAG` in a legacy syslog message. The vulnerability can be exploited remotely and may lead to disruption of protected information availability.

**Recommendations**

For rsyslog versions 4.6.x through 4.6.7, update to version 4.6.8 or later.

For rsyslog versions 5.2.0 through 5.8.4, update to a version later than 5.8.4.

As a temporary workaround, consider restricting access to the `parseLegacySyslogMsg` function until a patch is available.

PT-2010-5515
7.2
2010-12-09
Cobbler · Cobbler · CVE-2010-4512

**Name of the Vulnerable Software and Affected Versions**

Cobbler versions prior to 2.0.4

**Description**

The issue allows local users to have an unspecified impact by leveraging world-writable permissions for files and directories due to an incorrect umask value.

**Recommendations**

For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue.