|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 1242-1 (elog)|
|Summary:||Debian Security Advisory DSA 1242-1 (elog)|
|Description:||The remote host is missing an update to elog|
announced via advisory DSA 1242-1.
Several remote vulnerabilities have been discovered in elog, a web-based
electronic logbook, which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following
Tilman Koschnick discovered that log entry editing in HTML is vulnerable
to cross-site scripting. This update disables the vulnerable code.
Ulf Harnhammar of the Debian Security Audit Project discovered several
format string vulnerabilities in elog, which may lead to execution of
Ulf Harnhammar of the Debian Security Audit Project discovered
cross-site scripting vulnerabilities in the creation of new logbook
Jayesh KS and Arun Kethipelly of OS2A discovered that elog performs
insufficient error handling in config file parsing, which may lead to
denial of service through a NULL pointer dereference.
For the stable distribution (sarge) these problems have been fixed in
The upcoming stable distribution (etch) will no longer include elog.
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your elog package.
Common Vulnerability Exposure (CVE) ID: CVE-2006-5063|
Debian Security Information: DSA-1242 (Google Search)
BugTraq ID: 20181
XForce ISS Database: elog-entries-xss(29137)
Common Vulnerability Exposure (CVE) ID: CVE-2006-5790
BugTraq ID: 20876
XForce ISS Database: elog-elsubmit-format-string(29987)
Common Vulnerability Exposure (CVE) ID: CVE-2006-5791
BugTraq ID: 20881
BugTraq ID: 20882
XForce ISS Database: elog-nonexistent-files-xss(29986)
Common Vulnerability Exposure (CVE) ID: CVE-2006-6318
Bugtraq: 20061113 ELOG Web Logbook Remote Denial of Service Vulnerability (Google Search)
BugTraq ID: 21028
|Copyright||Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com|
|This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.