[syslog-ng] syslog-ng 1.0rc1 stops listening to UDP when zero-length packet received

Dark Angael darkangael81 at hotmail.com
Tue Aug 1 03:24:21 CEST 2006


I have been testing 2.0 rc1 for use in a production environment and have 
discovered a potential DoS exploit. I discovered this when I stopped 
receiving logs after a particular application started. It turns out that for 
some reason this app was sending a zero-length packet to syslog. After 
receiving this packet, syslog-ng gives the following output in debug mode:

EOF occurred while reading; fd='3'
Closing log reader fd; fd='3'


This is reproducible using packet injection also. It has been shown to 
happen on both Solaris 8 and Linux (2.6.15-gentoo-r5).

It does not happen on syslog-ng version 1.6.11.
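
The debug output quoted above reads like a reader applying the stream-socket rule "0 bytes read means EOF" to a datagram socket, where a 0-byte recv() is only an empty packet. The C sketch below is an added example, not part of the original post and not syslog-ng's code, and it assumes that this is the cause; it runs both interpretations over the same queued input. The names drain() and count_handled(), the sample log lines, and the AF_UNIX datagram socketpair standing in for the UDP socket are all constructed for illustration.

```c
/* Added example, not syslog-ng source: 0-byte reads on a datagram socket. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Drain queued datagrams from fd; return how many non-empty messages were
 * handled. With zero_is_eof set, a 0-byte read is treated as end-of-stream
 * (the stream rule misapplied to datagrams) and the reader stops. */
static int drain(int fd, int zero_is_eof)
{
    char buf[2048];
    int handled = 0;
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
        if (n < 0)
            break;              /* queue empty (EAGAIN) or a real error */
        if (n == 0) {
            if (zero_is_eof)
                break;          /* reader gives up; later logs are lost */
            continue;           /* datagram socket: just an empty packet */
        }
        handled++;
    }
    return handled;
}

/* Constructed input on a local socketpair: log line, empty datagram, log line. */
int count_handled(int zero_is_eof)
{
    int sv[2], handled;
    const char *a = "<13>app: first", *b = "<13>app: second";
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    send(sv[0], a, strlen(a), 0);
    send(sv[0], "", 0, 0);      /* zero-length datagram */
    send(sv[0], b, strlen(b), 0);
    handled = drain(sv[1], zero_is_eof);
    close(sv[0]);
    close(sv[1]);
    return handled;
}

int main(void)
{
    printf("0 bytes treated as EOF:          %d of 2 handled\n", count_handled(1));
    printf("0 bytes treated as empty packet: %d of 2 handled\n", count_handled(0));
    return 0;
}
```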



