[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Link Logger syslogd resource overwhelm DoS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Link Logger syslogd resource overwhelm DoS
From: mcyr2@xxxxxxx
Date: Sat, 13 Jun 2009 08:54:12 -0600

Remote: yes

Credit: Mike Cyr, aka h00die

Vulnerable: 2.4.10.15 (ddwrt version) but more than likely all versions

Discussion:  Link Logger is a program for logging, analysis and reporting of 
router traffic so you can easily spot attacks and abuses on your network.  By 
sending a ton of spoofed traffic, the syslogd portion of link logger will 
become overwhelmed and crash.  The program must be restarted to bring syslogd 
back up.  After talking with the vendor, the syslogd portion is from another 
company, so other products may also be vulnerable.  The vendor would not 
disclose who the syslogd vendor was.

Log:
#Vendor notification 4/13/09
#Vendor acknowledgement 4/14/09, the syslogd is actually from another company, 
vendor contacts syslogd vendor.
#Vendor can not run DoS code successfully 5/11/09
#Sent instructions and video on how to install all needed modules and run 
successfully 5/12/09
#Asked for update, no response 6/8/09
#Sent to milw0rm and security focus 6/13/09

I will update this post when the code gets put on milw0rm.

References: http://www.linklogger.com/

Prev by Date: SugarCRM 5.2.0e Remote Code Execution
Next by Date: CakeCMS XSRF Vulnerability
Previous by thread: SugarCRM 5.2.0e Remote Code Execution
Next by thread: CakeCMS XSRF Vulnerability
Index(es):
- Date
- Thread