ID CVE-2006-1624
Summary The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bugtraq
  • 20060331 DoS-ing sysklogd?
  • 20060402 RE: DoS-ing sysklogd?
xf sysklogd-sourceip-dos(25672)
statements via4
  • contributor Vincent Danen
    lastmodified 2006-07-20
    organization Mandriva
    statement Mandriva does not enable the -r option in syslogd per default, which prevents syslogd from listening for remote events. The -x option is also described in /etc/sysconfig/syslog for those who wish to enable the -r option.
  • contributor Joshua Bressers
    lastmodified 2006-12-06
    organization Red Hat
    statement Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file.
Last major update 18-10-2018 - 16:33
Published 05-04-2006 - 10:04
Last modified 18-10-2018 - 16:33
Back to Top