Archive for the ‘syslog-ng’ Category
syslog-fuzzer.txt
Wednesday, April 9th, 2008
Syslog Fuzzer is a small perl script tool that is useful for testing some attack vectors against syslog servers. It has support for buffer/integer overflows and format string vulnerabilities.
dsa-1464-1.txt
Wednesday, January 16th, 2008
Debian Security Advisory 1464-1 - Oriol Carreras discovered that syslog-ng, a next generation logging daemon can be tricked into dereferencing a NULL pointer through malformed timestamps, which can lead to denial of service and the disguise of an subsequent attack, which would otherwise be logged.