"GroundZero Security" discovered that elog insufficiently checks the
size of a buffer used for processing URL parameters, which might lead
to the execution of arbitrary code.

CVE-2006-0347
It was discovered that elog contains a directory traversal vulnerability
in the processing of "../" sequences in URLs, which might lead to
information disclosure.

CVE-2006-0348
The code to write the log file contained a format string vulnerability,
which might lead to the execution of arbitrary code.

CVE-2006-0597
Overly long revision attributes might trigger a crash due to a buffer
overflow.

CVE-2006-0598
The code to write the log file does not enforce bounds checks properly,
which might lead to the execution of arbitrary code.

CVE-2006-0599
elog emitted different error messages for invalid passwords and invalid
users, which allows an attacker to probe for valid user names.

CVE-2006-0600
An attacker could be driven into infi...