rsyslog Long Tag Off-By-Two DoS
This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to yield code execution but is effective at shutting down a remote log daemon. This bug was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5. Compiler differences may prevent this bug from causing any noticeable result on many systems (RHEL6 is affected).
Rank
- Normal
Authors
- hdm < hdm [at] metasploit.com >
Vulnerability References
- CVE-2011-3200
- http://www.rsyslog.com/potential-dos-with-malformed-tag/
- https://bugzilla.redhat.com/show_bug.cgi?id=727644
Usage Information
$ msfconsole
msf > use auxiliary/dos/syslog/rsyslog_long_tag
msf auxiliary(rsyslog_long_tag) > set RHOST [TARGET IP]
msf auxiliary(rsyslog_long_tag) > run
Module Options
| Option | Description |
| --- | --- |
| RHOST | The target address |
| RPORT | The target port (default: 514) |
| CHOST | The local client address |
| CPORT | The local client port |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
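Detection example
On the receiving side, the malformed-tag condition described above can be looked for in captured syslog datagrams. The following is an added example, not part of the module or of rsyslog: it flags legacy-format messages whose tag exceeds the 32-character limit from RFC 3164, which is used here as an assumed threshold because the page gives no overflow length. The function names and sample payloads are constructed for illustration.

```python
import re

# RFC 3164 section 4.1.3: the TAG must not exceed 32 characters.
# Assumption: this RFC limit is the alert threshold; the page states no overflow length.
RFC3164_TAG_MAX = 32

# Legacy BSD syslog header: <PRI>Mmm dd hh:mm:ss HOSTNAME REST
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<rest>.*)$",
    re.DOTALL,
)

def extract_tag(payload: bytes):
    """Return (host, tag) for one datagram, or None if the header is not
    in the legacy format this example understands."""
    m = HEADER.match(payload.decode("latin-1"))
    if not m:
        return None
    # Measure conservatively: the tag runs to the first ':' or whitespace,
    # so a "[pid]" suffix counts toward its length. With no delimiter at
    # all, the whole remainder is the tag.
    tag = re.split(r"[:\s]", m.group("rest"), maxsplit=1)[0]
    return m.group("host"), tag

def oversized_tags(datagrams, limit=RFC3164_TAG_MAX):
    """Yield (index, claimed_host, tag_length) for tags longer than limit."""
    for i, payload in enumerate(datagrams):
        parsed = extract_tag(payload)
        if parsed and len(parsed[1]) > limit:
            yield i, parsed[0], len(parsed[1])

# Constructed sample payloads, not captured traffic.
SAMPLES = [
    b"<13>Sep  1 10:00:00 web01 sshd[2211]: Accepted publickey for deploy",
    b"<13>Sep  1 10:00:01 web01 " + b"A" * 40 + b": hello",
    b"<13>Sep  1 10:00:02 web01 " + b"B" * 200,
    b"not a syslog header at all",
]

if __name__ == "__main__":
    for idx, host, n in oversized_tags(SAMPLES):
        print(f"message {idx} claims host {host}: tag length {n} > {RFC3164_TAG_MAX}")
```

The host name is taken from the message body and can be forged, so correlate hits with the datagram's source address when alerting.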
