ELOG elogd.c format string

elog-elogd-format-string (24221) The risk level is classified as MediumMedium Risk

Description:

ELOG could allow a remote attacker to execute arbitrary commands on the system, caused by a format string vulnerability in the elogd.c write_logfile() function. If logging is enabled, a remote attacker could exploit this vulnerability by using a specially-crafted username from the login page, allowing the attacker to crash the server or possibly execute arbitrary code on the system.

Platforms Affected:

  • Debian, Debian Linux 3.1
  • Stefan Ritt, Elog Web Logbook prior to 2.6.1

Remedy:

Upgrade to the latest version of ELOG (2.6.1 or later), available from the ELOG download Web page. See References.

For Debian GNU/Linux:
Refer to DSA-967-1 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

  • ELOG ChangeLog, Version 2.6.1, released Jan 19th, 2005 at http://midas.psi.ch/elog/download/ChangeLog.
  • ELOG download page, ELOG download page at http://midas.psi.ch/elog/download.html.
  • BID-16315: ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
  • CVE-2006-0348: Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
  • DSA-967: elog -- several vulnerabilities
  • OSVDB ID: 22646: ELOG Login Page write_logfile() Remote Format String
  • SA18533: ELOG Multiple Security Issue and Vulnerabilities
  • VUPEN/ADV-2006-0262: ELOG Multiple Command Execution and Denial of Service Vulnerabilities

Reported:

Jan 19, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page