Executive Summary
| Summary | |
|---|---|
| Title | New elog packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-967 | First vendor Publication | 2006-02-10 |
| Vendor | Debian | Last vendor Modification | 2006-02-10 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several security problems have been found in elog, an electonic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2005-4439 "GroundZero Security" discovered that elog insufficiently checks the size of a buffer used for processing URL parameters, which might lead to the execution of arbitrary code. CVE-2006-0347 It was discovered that elog contains a directory traveral vulnerability in the processing of "../" sequences in URLs, which might lead to information disclosure. CVE-2006-0348 The code to write the log file contained a format string vulnerability, which might lead to the execution of arbitrary code. CVE-2006-0597 Overly long revision attributes might trigger a crash due to a buffer overflow. CVE-2006-0598 The code to write the log file does not enforce bounds checks properly, which might lead to the execution of arbitrary code. CVE-2006-0599 elog emitted different errors messages for invalid passwords and invalid users, which allows an attacker to probe for valid user names. CVE-2006-0600 An attacker could be driven into infinite redirection with a crafted "fail" request, which has denial of service potential. The old stable distribution (woody) does not contain elog packages. For the stable distribution (sarge) these problems have been fixed in version 2.5.7+r1558-4+sarge2. For the unstable distribution (sid) these problems have been fixed in version 2.6.1+r1642-1. We recommend that you upgrade your elog package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-967 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 967-1 (elog) File : nvt/deb_967_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 23165 | ELOG Crafted Fail Parameter Request Infinite Loop DoS |
| 23164 | ELOG Error Message Username Enumeration |
| 23163 | ELOG elogd.c Multiple Unspecified Overflows |
| 23162 | ELOG elogd.c Long revision attributes Overflow |
| 22651 | ELOG Log File Writing Unspecified Overflow |
| 22647 | ELOG URL Processing Unspecified Traversal ELOG contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to the ELOG server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via an unspecified variable. |
| 22646 | ELOG Login Page write_logfile() Remote Format String ELOG contains a format string error that may allow a malicious user to crash the service or potentially execute arbitrary code. The issue is triggered when a specially crafted username is submitted via the login page and then processed by the 'write_logfile' function in 'elogd.c'. It is possible that the flaw may result in a loss of integrity. |
| 21844 | ELOG Multiple Parameter Overflow DoS A remote overflow exists in ELOG. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long string to the 'cmd' or 'mode' parameter, a remote attacker can cause the application to crash resulting in a loss of availability. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-967.nasl - Type : ACT_GATHER_INFO |
| 2006-01-20 | Name : The remote web server is affected by multiple flaws. File : elog_261.nasl - Type : ACT_ATTACK |
| 2005-12-19 | Name : The remote web server is affected by remote buffer overflow flaws. File : elog_overflows.nasl - Type : ACT_MIXED_ATTACK |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:53 |
|
