ELOG Remote Buffer Overflow And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host has ELOG installed and is prone multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary scripting code, cause a denial of service or compromise a vulnerable system. Impact Level: System/Application

Solution

Upgrade ELOG Version to 2.7.1 For updates refer to https://midas.psi.ch/elog/download/

Insight

The flaws are due to: - A buffer overflow error in 'elog.c' when processing malformed data. - An infinite loop in the 'replace_inline_img()' [elogd.c] function. - An input validation error when handling the 'subtext' parameter.

Affected

ELOG versions prior to 2.7.1

References

http://www.vupen.com/english/advisories/2008/0265
http://xforce.iss.net/xforce/xfdb/39903
https://midas.psi.ch/elog/download/ChangeLog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0444, CVE-2008-0445, CVE-2008-7004

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
AIMP ID3 Tag Buffer Overflow Vulnerability
Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability
CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
BSPlayer Stack Overflow Vulnerability BLS

ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities