Buffer overflow : ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.901009

Category: Buffer overflow

Title: ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

Summary: Check for the version of ELOG

Description:

Overview: This host has ELOG installed and is prone multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:
- A buffer overflow error in 'elog.c' when processing malformed data.
- An infinite loop in the 'replace_inline_img()' [elogd.c] function.
- An input validation error when handling the 'subtext' parameter.

Impact:
Successful exploitation will allow attackers to execute arbitrary scripting
code, cause a denial of service or compromise a vulnerable system.

Impact Level: System/Application

Affected Software/OS:
ELOG versions prior to 2.7.1

Fix: Upgrade ELOG Version to 2.7.1
For updates refer to https://midas.psi.ch/elog/download/

References:
http://xforce.iss.net/xforce/xfdb/39903
https://midas.psi.ch/elog/download/ChangeLog
http://www.vupen.com/english/advisories/2008/0265

Cross-Ref: BugTraq ID: 27399
Common Vulnerability Exposure (CVE) ID: CVE-2008-7004
http://www.osvdb.org/41684
http://www.vupen.com/english/advisories/2008/0265
XForce ISS Database: elog-elogc-bo(39903)
http://xforce.iss.net/xforce/xfdb/39903
Common Vulnerability Exposure (CVE) ID: CVE-2008-0444
http://www.securityfocus.com/bid/27399
http://osvdb.org/41681
http://secunia.com/advisories/28589
XForce ISS Database: elog-subtext-xss(39828)
http://xforce.iss.net/xforce/xfdb/39828
Common Vulnerability Exposure (CVE) ID: CVE-2008-0445
XForce ISS Database: elog-elogd-logbook-dos(39824)
http://xforce.iss.net/xforce/xfdb/39824

Copyright Copyright (C) 2009 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.901009
Category:	Buffer overflow
Title:	ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities
Summary:	Check for the version of ELOG
Description:	Overview: This host has ELOG installed and is prone multiple vulnerabilities. Vulnerability Insight: The flaws are due to: - A buffer overflow error in 'elog.c' when processing malformed data. - An infinite loop in the 'replace_inline_img()' [elogd.c] function. - An input validation error when handling the 'subtext' parameter. Impact: Successful exploitation will allow attackers to execute arbitrary scripting code, cause a denial of service or compromise a vulnerable system. Impact Level: System/Application Affected Software/OS: ELOG versions prior to 2.7.1 Fix: Upgrade ELOG Version to 2.7.1 For updates refer to https://midas.psi.ch/elog/download/ References: http://xforce.iss.net/xforce/xfdb/39903 https://midas.psi.ch/elog/download/ChangeLog http://www.vupen.com/english/advisories/2008/0265
Cross-Ref:	BugTraq ID: 27399 Common Vulnerability Exposure (CVE) ID: CVE-2008-7004 http://www.osvdb.org/41684 http://www.vupen.com/english/advisories/2008/0265 XForce ISS Database: elog-elogc-bo(39903) http://xforce.iss.net/xforce/xfdb/39903 Common Vulnerability Exposure (CVE) ID: CVE-2008-0444 http://www.securityfocus.com/bid/27399 http://osvdb.org/41681 http://secunia.com/advisories/28589 XForce ISS Database: elog-subtext-xss(39828) http://xforce.iss.net/xforce/xfdb/39828 Common Vulnerability Exposure (CVE) ID: CVE-2008-0445 XForce ISS Database: elog-elogd-logbook-dos(39824) http://xforce.iss.net/xforce/xfdb/39824
Copyright	Copyright (C) 2009 SecPod