CVE-2006-1624 - Denial-Of-Service vulnerability in Linux Kernel 2.6.20.1

CVSS 7.8 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: COMPLETE

Tags: network, low complexity, linux

Summary

The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

Vulnerable Configurations

Part    Description    Count
OS      Linux          1

Statements

  • contributor: Vincent Danen
    lastmodified: 2006-07-20
    organization: Mandriva
    statement: Mandriva does not enable the -r option in syslogd per default, which prevents syslogd from listening for remote events. The -x option is also described in /etc/sysconfig/syslog for those who wish to enable the -r option.
  • contributor: Joshua Bressers
    lastmodified: 2006-12-06
    organization: Red Hat
    statement: Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file.