CVE-2006-1624 - Unspecified vulnerability in Linux Kernel 2.6.20.1
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
Statements
- Contributor: Vincent Danen
  Last modified: 2006-07-20
  Organization: Mandriva
  Statement: Mandriva does not enable the -r option in syslogd per default, which prevents syslogd from listening for remote events. The -x option is also described in /etc/sysconfig/syslog for those who wish to enable the -r option.
- Contributor: Joshua Bressers
  Last modified: 2006-12-06
  Organization: Red Hat
  Statement: Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file.
References
- http://www.securityfocus.com/archive/1/429618/100/0/threaded
- http://www.securityfocus.com/archive/1/429739/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25672