Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Known ELOG Vulnerabilities  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
Message ID: 1     Entry time: Wed Jan 30 11:23:10 2008
Date reported:December 20, 2005 
Date fixed:February 14, 2005 
Problem: Overly large parameters can cause execution of arbitrary code (buffer overflow) 
Versions: prior to 2.5.7 
Risk: High 
Solution: Upgrade to version 2.5.7 

A vulnerability has been identified in ELOG, which could be exploited by remote attackers to cause a denial of service. This flaw is due to an input validation error in "elogd" that does not properly handle an overly large value passed to the "cmd" and "mode" parameters, which could be exploited by remote attackers to crash a vulnerable system.

ELOG V3.1.5-3fb85fa6