Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1624

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-1624
Last Modified 05 Sep 2008 05:02:24
Published 05 Apr 2006 06:04:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1624

Summary

The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.20.1


References

BUGTRAQ - 20060402 RE: DoS-ing sysklogd?

BUGTRAQ - 20060331 DoS-ing sysklogd?

XF - sysklogd-sourceip-dos(25672)


Last Updated: 27 May 2016 10:42:09