OSVDB ID: 4768

Title: CafeLog b2 b2inc Parameter Arbitrary Command Execution

Dates

Disclosure: Aug 13, 2002
Discovery: May 29, 2003
Exploit: Unknown
Solution: Unknown

Description

CafeLog b2 contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker uses the b2inc parameter to include a remote file, which the server then executes. This may allow arbitrary code execution, resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Public

Solution

Upgrade to version 0.6 pre2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Michel Valdrighi

CafeLog b2

0.6.1

References

Credit

  • Frank - thran60hotmail.com -


Direct URL: http://osvdb.org/4768