Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
BID:1878
Info
Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
| Bugtraq ID: | 1878 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 09 1996 12:00AM |
| Updated: | Nov 09 1996 12:00AM |
| Credit: | First posted to Bugtraq by Denis Campeau <[email protected]> on November 9, 1996. |
| Vulnerable: |
Sun Solaris 2.4_x86 Sun Solaris 2.4 |
| Not Vulnerable: |
Sun Solaris 2.5_x86 Sun Solaris 2.5 |
Discussion
Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
The version of syslogd (system logging daemon) that shipped with Sun Microsystems' Solaris 2.4 is vulnerable to a remotely exploitable vulnerability that will cause it to crash.
If a loghost recieves a log message from a host which it cannot resolve through any means (DNS,NIS,hosts), syslogd will dump core. System events logged via syslog will not be recorded until the daemon is manually restarted. This vulnerability can be used by attackers to disable system logging prior to another attack or system misuse.
The version of syslogd (system logging daemon) that shipped with Sun Microsystems' Solaris 2.4 is vulnerable to a remotely exploitable vulnerability that will cause it to crash.
If a loghost recieves a log message from a host which it cannot resolve through any means (DNS,NIS,hosts), syslogd will dump core. System events logged via syslog will not be recorded until the daemon is manually restarted. This vulnerability can be used by attackers to disable system logging prior to another attack or system misuse.
Exploit / POC
Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
Find a target loghost.
Send a log message to the target from a machine which is not in the victim's hosts file, nis/nis+ host maps and does not have an inverse dns entry.
No more syslogd on the target.
Find a target loghost.
Send a log message to the target from a machine which is not in the victim's hosts file, nis/nis+ host maps and does not have an inverse dns entry.
No more syslogd on the target.
Solution / Fix
Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
Solution:
There reportedly exists no patch for Solaris 2.4. Solaris 2.5 is patched.
Solution:
There reportedly exists no patch for Solaris 2.4. Solaris 2.5 is patched.
References
Solaris syslogd Unresolvable Address Remote Denial of Service Vulnerability
References:
References:
- Sunsolve Online(tm) (Sun Microsystems)