Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability

The version of syslogd (system logging daemon) that shipped with Sun Microsystems' Solaris 2.4 is vulnerable to a remotely exploitable vulnerability that will cause it to crash.

If a loghost recieves a log message from a host which it cannot resolve through any means (DNS,NIS,hosts), syslogd will dump core. System events logged via syslog will not be recorded until the daemon is manually restarted. This vulnerability can be used by attackers to disable system logging prior to another attack or system misuse.


Privacy Statement
Copyright 2010, SecurityFocus