Info

Disclosure

Oct 25, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

ELOG contains a format string error that may allow a malicious user to crash the service or potentially execute arbitrary code. The issue is triggered when a specially crafted username is submitted via the login page and then processed by the 'write_logfile' function in 'elogd.c'. It is possible that the flaw may result in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 2.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Stefan Ritt

ELOG

2.6.0

References

Bugtraq ID: 16315
Secunia Advisory ID: 18533 18783
CVE ID: 2006-0348 (see also: NVD)
Related OSVDB ID: 22647
ISS X-Force ID: 24221
VUPEN Advisory: ADV-2006-0262
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi/0005-Fix-potential-format-string-issues-when-calling-write_logfile.txt?bug=349528;msg=15;att=5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528
http://midas.psi.ch/elog/download/ChangeLog
Vendor URL: http://midas.psi.ch/elog/
Vendor Specific Advisory URL: http://www.debian.org/security/2006/dsa-967

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/22646