Syslserve 1.058 Denial of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Syslserve 1.058 Denial of Service Vulnerability
From: vuln_research@xxxxxxxxxxxxxxxxxxx
Date: Thu, 15 Jan 2009 16:54:33 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[--Vulnerability Summary--]

Title: Syslserve 1.058 Denial of Service Vulnerability
Product: Syslserve 1.058

Discovered: December 1, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)

Vendor: Syslserve
Vendor URL: http://www.syslserve.com/
Vendor notification date: December 2, 2008
Vendor response date: December 4, 2008
Vendor acknowledgment: December 5, 2008
Vendor provided fix: Upgrade to version 1.0.6 fixes the issue
Release coordinated with the vendor: --
Public disclosure date: January 15, 2009

Affects: Syslserve 1.058 and several earlier versions
Fixed in: Version 1.0.6
Risk: High

Vulnerability Description: Syslserve 1.058 is vulnerable to a remote 
denial-of-service vulnerability because it fails to handle user-supplied input. 
Sending a specially crafted UDP Syslog request will cause the application to 
become unstable and stop responding.

Impact: A remote or local attacker can exploit this flaw by sending a specially 
crafted packet to the Syslog server. Successful exploitation of this flaw will 
cause the Syslog server process to crash preventing valid users or devices from 
using the service. The Syslog server will need to be restarted to resume normal 
Syslog server operations.

Keywords: security, vulnerability, syslog, princeofnigeria, windows, server, 
udp, dos, denial of service

[--Background--]

Type of vulnerability: Input validation flaw
Who can exploit it: Local or Remote users

Syslserve 1.058 is an application that provides services for receiving system 
event messages to provide a centralized reporting interface for distributed 
system events. The application should validate and sanitize all user input to 
prevent unexpected conditions.

Vulnerability Scope: The default installation of Syslserve 1.058 will allow 
exploitation of this vulnerability.

[--More Details--]

Exploitation of this flaw can be executed by sending a specially crafted UDP to 
the target server. No exploit code is required.

[--Fix or Workaround Information--]

Patch availability: Update to version 1.0.6 fixes the issue
Vendor provided fix: 12/5/2008
Workarounds: None required, update to 1.0.6

[--Disclosure Policy--]

PrinceofNigeria.org Vulnerability Disclosure Policy
http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy/?blog=1

[--Disclosure History--]

Public disclosure date: January 15, 2009

[--References--]
CVE-ID:
Bugtraq ID:
Secunia ID:
OSVDB ID:

[--Author--]
Rob Kraus, princeofnigeria (PoN)
Website: www.princeofnigeria.org/blogs

Prev by Date: [USN-700-2] Perl regression
Next by Date: [ MDVSA-2009:014 ] mplayer
Previous by thread: [USN-700-2] Perl regression
Next by thread: [ MDVSA-2009:014 ] mplayer
Index(es):
- Date
- Thread