| Test ID: | 1.3.6.1.4.1.25623.1.0.57750 |
| Category: | Debian Local Security Checks |
| Title: | Debian Security Advisory DSA 1242-1 (elog) |
| Summary: | Debian Security Advisory DSA 1242-1 (elog) |
| Description: |
The remote host is missing an update to elog announced via advisory DSA 1242-1.

Several remote vulnerabilities have been discovered in elog, a web-based electronic logbook, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-5063: Tilman Koschnick discovered that log entry editing in HTML is vulnerable to cross-site scripting. This update disables the vulnerable code.

CVE-2006-5790: Ulf Harnhammar of the Debian Security Audit Project discovered several format string vulnerabilities in elog, which may lead to execution of arbitrary code.

CVE-2006-5791: Ulf Harnhammar of the Debian Security Audit Project discovered cross-site scripting vulnerabilities in the creation of new logbook entries.

CVE-2006-6318: Jayesh KS and Arun Kethipelly of OS2A discovered that elog performs insufficient error handling in config file parsing, which may lead to denial of service through a NULL pointer dereference.

For the stable distribution (sarge) these problems have been fixed in version 2.5.7+r1558-4+sarge3.

The upcoming stable distribution (etch) will no longer include elog.

For the unstable distribution (sid) these problems have been fixed in version 2.6.2+r1754-1.

We recommend that you upgrade your elog package.

Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201242-1 |
| Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-5063
Debian Security Information: DSA-1242
http://www.debian.org/security/2006/dsa-1242
BugTraq ID: 20181
http://www.securityfocus.com/bid/20181
http://secunia.com/advisories/22057
http://secunia.com/advisories/23580
XForce ISS Database: elog-entries-xss(29137)
http://xforce.iss.net/xforce/xfdb/29137

Common Vulnerability Exposure (CVE) ID: CVE-2006-5790
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016
BugTraq ID: 20876
http://www.securityfocus.com/bid/20876
http://www.vupen.com/english/advisories/2006/4315
http://secunia.com/advisories/22638
XForce ISS Database: elog-elsubmit-format-string(29987)
http://xforce.iss.net/xforce/xfdb/29987

Common Vulnerability Exposure (CVE) ID: CVE-2006-5791
BugTraq ID: 20881
http://www.securityfocus.com/bid/20881
BugTraq ID: 20882
http://www.securityfocus.com/bid/20882
XForce ISS Database: elog-nonexistent-files-xss(29986)
http://xforce.iss.net/xforce/xfdb/29986

Common Vulnerability Exposure (CVE) ID: CVE-2006-6318
Bugtraq: 20061113 ELOG Web Logbook Remote Denial of Service Vulnerability
http://www.securityfocus.com/archive/1/451351
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875
BugTraq ID: 21028
http://www.securityfocus.com/bid/21028
http://www.vupen.com/english/advisories/2006/4423
http://www.osvdb.org/30272
http://securitytracker.com/id?1017450
http://secunia.com/advisories/22800
http://securityreason.com/securityalert/2060 |
| Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |