Analog anlgform.pl denial of service

analog-anlgform-dos (10344) The risk level is classified as MediumMedium Risk

Description:

Analog is vulnerable to a denial of service attack, caused by a vulnerability in the optional anlgform.pl form interface script. A remote attacker could use the PROGRESSFREQ progress update command to update the Web server error log continuously until all available disk resources are exhausted.


Consequences:

Denial of Service

Remedy:

Upgrade to the latest version of Analog (5.24 or later), available from the Analog Web site. See References.

For Red Hat Powertools 7.1:
Upgrade to the latest version of Analog (5.24.-1 or later), as listed in RHSA-2002:059-13. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • Analog Web site: Analog: WWW logfile analysis.
  • Analog Web site : Analog: Security Warning, 14th May 2002.
  • CVE-2002-1154: anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
  • OSVDB ID: 3779: Analog anlgform.pl PROGRESSFREQ DoS
  • RHSA-2002-059: Updated analog packages are available

Platforms Affected:

  • RedHat Linux Powertools 7.1
  • Stephen Turner Analog prior to 5.23

Reported:

May 14, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page