ELOG EL_Submit Function Remote Format String Vulnerability
BID:20876
Info
ELOG EL_Submit Function Remote Format String Vulnerability
| Bugtraq ID: | 20876 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-5790 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2006 12:00AM |
| Updated: | Jan 25 2007 04:28PM |
| Credit: | Ulf Harnhammar is credited with the discovery of this vulnerability. |
| Vulnerable: |
Elog Web Logbook Elog Web Logbook 2.6.2 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
ELOG EL_Submit Function Remote Format String Vulnerability
ELOG is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users running the affected application. This facilitates the remote compromise of affected computers.
ELOG version 2.0.2 is vulnerable to this issue.
ELOG is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users running the affected application. This facilitates the remote compromise of affected computers.
ELOG version 2.0.2 is vulnerable to this issue.
Exploit / POC
ELOG EL_Submit Function Remote Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
ELOG EL_Submit Function Remote Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
ELOG EL_Submit Function Remote Format String Vulnerability
References:
References:
- Elog Web Logbook Homepage (Elog Web Logbook)