[--Vulnerability Summary--] Title: Syslserve 1.058 Denial of Service Vulnerability Product: Syslserve 1.058 Discovered: December 1, 2008 Discovered by: Rob Kraus, princeofnigeria (PoN) Vendor: Syslserve Vendor URL: http://www.syslserve.com/ Vendor notification date: December 2, 2008 Vendor response date: December 4, 2008 Vendor acknowledgment: December 5, 2008 Vendor provided fix: Upgrade to version 1.0.6 fixes the issue Release coordinated with the vendor: -- Public disclosure date: January 15, 2009 Affects: Syslserve 1.058 and several earlier versions Fixed in: Version 1.0.6 Risk: High Vulnerability Description: Syslserve 1.058 is vulnerable to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Sending a specially crafted UDP Syslog request will cause the application to become unstable and stop responding. Impact: A remote or local attacker can exploit this flaw by sending a specially crafted packet to the Syslog server. Successful exploitation of this flaw will cause the Syslog server process to crash preventing valid users or devices from using the service. The Syslog server will need to be restarted to resume normal Syslog server operations. Keywords: security, vulnerability, syslog, princeofnigeria, windows, server, udp, dos, denial of service [--Background--] Type of vulnerability: Input validation flaw Who can exploit it: Local or Remote users Syslserve 1.058 is an application that provides services for receiving system event messages to provide a centralized reporting interface for distributed system events. The application should validate and sanitize all user input to prevent unexpected conditions. Vulnerability Scope: The default installation of Syslserve 1.058 will allow exploitation of this vulnerability. [--More Details--] Exploitation of this flaw can be executed by sending a specially crafted UDP to the target server. No exploit code is required. [--Fix or Workaround Information--] Patch availability: Update to version 1.0.6 fixes the issue Vendor provided fix: 12/5/2008 Workarounds: None required, update to 1.0.6 [--Disclosure Policy--] PrinceofNigeria.org Vulnerability Disclosure Policy http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy/?blog=1 [--Disclosure History--] Public disclosure date: January 15, 2009 [--References--] CVE-ID: Bugtraq ID: Secunia ID: OSVDB ID: [--Author--] Rob Kraus, princeofnigeria (PoN) Website: www.princeofnigeria.org/blogs
