Info

Disclosure

Nov 09, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

ELOG Logbook contains a flaw that may allow a remote denial of service. The issue is triggered when a request for "/global" occurs, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 2.6.2-7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Elog

Logbook Web Server

2.6.2-1

References

Security Tracker: 1017450
CVE ID: 2006-6318 (see also: NVD)
Bugtraq ID: 21028
Secunia Advisory ID: 22800 23580
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016;msg=27
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875
Vendor URL: http://midas.psi.ch/elog/
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1242
Keyword: OS2A ID: OS2A_1008

Credit

Jayesh K.S - os2a.btogmail.com -
Arun Kethipelly - os2a.btogmail.com -

Direct URL: http://osvdb.org/30272