An SQL injection vulnerability was found in all rsyslog releases prior to the ones announced on 2005-09-23. An attacker can send a specifically-crafted syslog message to rsyslogd and potentially take ownership of the machine. This can be locally exploited if rsyslogd is listening on the local socket. Wes assume it is doing this in almost […]