ID CVE-2005-4439
Summary Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:elog:elogd:2.6.0_beta4
CVSS
Base: 7.8 (as of 21-12-2005 - 09:47)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability COMPLETE
nessus via4
  • NASL family CGI abuses
    NASL id ELOG_OVERFLOWS.NASL
    description The remote host appears to be using ELOG, a web-based electronic logbook application. The version of ELOG installed on the remote host crashes when it receives HTTP requests with excessive data for the 'mode' and 'cmd' parameters. An unauthenticated attacker may be able to exploit these issues to execute arbitrary code on the remote host subject to the privileges under which the application runs.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20321
    published 2005-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20321
    title ELOG Remote Buffer Overflow Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-967.NASL
    description Several security problems have been found in elog, an electronic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems:
      - CVE-2005-4439 'GroundZero Security' discovered that elog insufficiently checks the size of a buffer used for processing URL parameters, which might lead to the execution of arbitrary code.
      - CVE-2006-0347 It was discovered that elog contains a directory traversal vulnerability in the processing of '../' sequences in URLs, which might lead to information disclosure.
      - CVE-2006-0348 The code to write the log file contained a format string vulnerability, which might lead to the execution of arbitrary code.
      - CVE-2006-0597 Overly long revision attributes might trigger a crash due to a buffer overflow.
      - CVE-2006-0598 The code to write the log file does not enforce bounds checks properly, which might lead to the execution of arbitrary code.
      - CVE-2006-0599 elog emitted different error messages for invalid passwords and invalid users, which allows an attacker to probe for valid user names.
      - CVE-2006-0600 An attacker could be driven into infinite redirection with a crafted 'fail' request, which has denial of service potential.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22833
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22833
    title Debian DSA-967-1 : elog - several vulnerabilities
refmap via4
bid 15932
debian DSA-967
fulldisc 20051219 elogd 2.6.0 overflow
osvdb 21844
sectrack 1015379
secunia
  • 18124
  • 18783
vupen ADV-2005-3000
xf
  • elog-cmd-mode-bo(24703)
  • elogd-http-request-bo(23838)
Last major update 17-10-2016 - 23:38
Published 20-12-2005 - 20:03
Last modified 19-07-2017 - 21:29