ELOG Remote Buffer Overflow And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host has ELOG installed and is prone multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary scripting code, cause a denial of service or compromise a vulnerable system. Impact Level: System/Application

Solution

Upgrade ELOG Version to 2.7.1 For updates refer to https://midas.psi.ch/elog/download/

Insight

The flaws are due to: - A buffer overflow error in 'elog.c' when processing malformed data. - An infinite loop in the 'replace_inline_img()' [elogd.c] function. - An input validation error when handling the 'subtext' parameter.

Affected

ELOG versions prior to 2.7.1

References

http://www.vupen.com/english/advisories/2008/0265
http://xforce.iss.net/xforce/xfdb/39903
https://midas.psi.ch/elog/download/ChangeLog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0444, CVE-2008-0445, CVE-2008-7004
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache mod_proxy content-length buffer overflow
BreakPoint Software, Hex Workshop Buffer Overflow vulnerability
Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Apple iTunes '.pls' Files Buffer Overflow Vulnerability
BSPlayer Stack Overflow Vulnerability BLS

ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities