ELOG Web Logbook ELogD Server Denial Of Service Vulnerability
BID:21028
Info
| Bugtraq ID: | 21028 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2006-6318 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 13 2006 12:00AM |
| Updated: | Jan 25 2007 04:28PM |
| Credit: | Jayesh KS and Arun Kethipelly of OS2A are credited with the discovery of this vulnerability. |
| Vulnerable: |
Elog Web Logbook Elog Web Logbook 2.6.2 SVN revision 1748
Elog Web Logbook Elog Web Logbook 2.6.2
Elog Web Logbook Elog Web Logbook 2.6.1
Elog Web Logbook Elog Web Logbook 2.6.0
Elog Web Logbook Elog Web Logbook 2.5.7
Elog Web Logbook Elog Web Logbook 2.5.6
Elog Web Logbook Elog Web Logbook 2.5
Elog Web Logbook Elog Web Logbook 2.4
Elog Web Logbook Elog Web Logbook 2.2.4
Elog Web Logbook Elog Web Logbook 2.2.3
Elog Web Logbook Elog Web Logbook 2.2.2
Elog Web Logbook Elog Web Logbook 2.2.1
Elog Web Logbook Elog Web Logbook 2.2.0
Elog Web Logbook Elog Web Logbook 2.1.3
Elog Web Logbook Elog Web Logbook 2.1.2
Elog Web Logbook Elog Web Logbook 2.1.1
Elog Web Logbook Elog Web Logbook 2.1.0
Elog Web Logbook Elog Web Logbook 2.0.5
Elog Web Logbook Elog Web Logbook 2.0.4
Elog Web Logbook Elog Web Logbook 2.0.3
Elog Web Logbook Elog Web Logbook 2.0.2
Elog Web Logbook Elog Web Logbook 2.0.1
Elog Web Logbook Elog Web Logbook 2.0.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1 |
| Not Vulnerable: |
Elog Web Logbook Elog Web Logbook 2.6.2-7 SVN revision |
Discussion
ELOG Web Logbook is prone to a remote denial-of-service vulnerability because the application fails to properly handle specific HTTP requests that contain invalid information.
Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected application.
Exploit / POC
Attackers can exploit this issue via a browser.
Solution / Fix
Solution:
The vendor has released ELOG version 2.6.2-7 (SVN revision 1749) to address this issue. Please see the references for more information.
Debian elog version 2.6.2+r1754-1 is also available to address this issue.
Elog Web Logbook Elog Web Logbook 2.0.0
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.1
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.2
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.3
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.4
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.5
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.0
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.1
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.2
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.3
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.0
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.1
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.2
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.3
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.4
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.4
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.5
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.5.6
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.5.7
-
Debian elog_2.5.7+r1558-4+sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_alpha.deb
-
Debian elog_2.5.7+r1558-4+sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_amd64.deb
-
Debian elog_2.5.7+r1558-4+sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_arm.deb
-
Debian elog_2.5.7+r1558-4+sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_hppa.deb
-
Debian elog_2.5.7+r1558-4+sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_i386.deb
-
Debian elog_2.5.7+r1558-4+sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_ia64.deb
-
Debian elog_2.5.7+r1558-4+sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_m68k.deb
-
Debian elog_2.5.7+r1558-4+sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_mips.deb
-
Debian elog_2.5.7+r1558-4+sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_mipsel.deb
-
Debian elog_2.5.7+r1558-4+sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_powerpc.deb
-
Debian elog_2.5.7+r1558-4+sarge3_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_s390.deb
-
Debian elog_2.5.7+r1558-4+sarge3_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_sparc.deb
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.6.0
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.6.1
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.6.2 SVN revision 1748
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.6.2
-
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
References
References:
- Debian bug report #397875 (Debian)
- Elog Web Logbook Homepage (Elog Web Logbook)
- ELOG Web Logbook Remote Denial of Service Vulnerability ("OS2A BTO")