Executive Summary

Informations
Name CVE-2011-3626 First vendor Publication 2012-01-27
Vendor Cve Last vendor Modification 2012-01-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3626

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application10
Application6

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-04 (Logsurfer)
File : nvt/glsa_201201_04.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
76792Logsurfer src/exec.c prepare_exec() Function Double-free Remote Code Execution

Nessus® Vulnerability Scanner

DateDescription
2012-01-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-04.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=387397
GENTOO http://security.gentoo.org/glsa/glsa-201201-04.xml
MLIST http://www.openwall.com/lists/oss-security/2011/10/17/2
http://www.openwall.com/lists/oss-security/2011/10/17/4
SECUNIA http://secunia.com/advisories/46389
http://secunia.com/advisories/47725

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:05:25
  • Multiple Updates
2013-05-10 23:07:57
  • Multiple Updates