Solutionary ID: SERT-VDN-1016
Risk Rating: High
CVE ID: CVE-2014-6608
Product: Syslog Forwarder 1.0
Application Vendor: ManageEngine
Date discovered: 08/28/2014
Discovered by: Rob Kraus and the Solutionary Security Engineering Research Team (SERT)
Vendor notification date: 09/15/2014
Vendor response date: No Response
Vendor acknowledgment date: No Response
Public disclosure date: 11/24/2014
Type of vulnerability: Buffer Overflow - Denial of Service (DoS)
Exploit Vectors: Local and Remote
Vulnerability Description: A buffer overflow causes a Denial of Service (DoS) condition when an attacker sends a specially crafted UDP packet to the configured port (default 514/UDP) of the Syslog Forwarder server. The condition is triggered by a large amount of data in the Syslog DATE message header field. The length of the data sent to that field causes the application to stop responding and terminates the “SyslogForwarder.exe” process on the affected target.
Tested on: Windows XP SP3 with Syslog Forwarder version 1.0, default installation.
Affected software versions: 1.0
Impact: Successful exploitation of the described vulnerability will deny service to legitimate users and applications. The DoS condition will result in the loss of Syslog message forwarding capabilities, and may reduce visibility into critical system and security messages. An attacker may be able to leverage the buffer overflow condition to execute arbitrary commands in the context of the account the application is running as.
Remediation guidelines: The vendor has not provided any remediation guidelines to address this issue. Solutionary recommends upgrading the application if patches that address the identified issue are released. Limit access to the service to only those systems that need to interact with it, to reduce available attack vectors.
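
The overflow described above comes from an over-long DATE header field. The following is an added example, not ManageEngine or Solutionary code, of how a syslog receiver can bound that field before copying it. It assumes the RFC 3164 (BSD syslog) header layout; the helper name check_syslog_header and the sample datagrams are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TS_LEN    15    /* RFC 3164 TIMESTAMP is fixed width: "Mmm dd hh:mm:ss" */
#define MAX_DGRAM 1024  /* RFC 3164 maximum packet length */

enum hdr_status { HDR_OK, HDR_BAD_LEN, HDR_BAD_PRI, HDR_BAD_DATE };

/* Hypothetical helper: checks <PRI> and the date field of one received
 * datagram; on HDR_OK the date is copied into out (TS_LEN + 1 bytes). */
enum hdr_status check_syslog_header(const unsigned char *buf, size_t len,
                                    char out[TS_LEN + 1])
{
    static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
    static const char shape[]  = "    d9 99:99:99"; /* 9 = digit, d = digit or space */
    size_t i = 1, digits = 0, m, k;

    if (len == 0 || len > MAX_DGRAM) return HDR_BAD_LEN;
    if (buf[0] != '<') return HDR_BAD_PRI;
    while (i < len && digits < 3 && isdigit(buf[i])) { i++; digits++; }
    if (digits == 0 || i >= len || buf[i++] != '>') return HDR_BAD_PRI;

    /* Reject before copying: exactly TS_LEN bytes, then a space. */
    if (len - i < TS_LEN + 1 || buf[i + TS_LEN] != ' ') return HDR_BAD_DATE;
    for (m = 0; m < 12 && memcmp(buf + i, months + 3 * m, 3) != 0; m++) continue;
    if (m == 12) return HDR_BAD_DATE;
    for (k = 3; k < TS_LEN; k++) {
        unsigned char c = buf[i + k];
        if (shape[k] == '9' ? !isdigit(c)
          : shape[k] == 'd' ? !(isdigit(c) || c == ' ')
          : c != (unsigned char)shape[k]) return HDR_BAD_DATE;
    }
    memcpy(out, buf + i, TS_LEN);
    out[TS_LEN] = '\0';
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample datagrams, not captured traffic. */
    const char *ok  = "<34>Oct 11 22:14:15 host1 su: session opened";
    const char *bad = "<34>Oct 11 22:14:15000000000000000000000000 host1 x";
    char ts[TS_LEN + 1];
    printf("%d\n", check_syslog_header((const unsigned char *)ok, strlen(ok), ts));
    printf("%d\n", check_syslog_header((const unsigned char *)bad, strlen(bad), ts));
    return 0;
}
```

Datagrams that return anything other than HDR_OK can be dropped and counted, which also gives operators a signal that malformed headers are arriving on the listening port.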