Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Known ELOG Vulnerabilities  Not logged in ELOG logo
Message ID: 5     Entry time: Wed Jan 30 11:44:39 2008
Date reported:January 24, 2008 
Date fixed:January 22, 2008 
Problem: Three different vulnerabilities 
Versions: prior to 2.7.1 
Risk: Medium 
Solution: Upgrade to version 2.7.1 

Multiple vulnerabilities have been identified in ELOG, which could be exploited by attackers to execute arbitrary scripting code, cause a denial of service or compromise a vulnerable system.

The first issue is caused by a buffer overflow error in "elog.c" when processing malformed data, which could be exploited to crash an affected application or execute arbitrary code.

The second vulnerability is caused by an infinite loop in the "replace_inline_img()" [elogd.c] function, which could be exploited to crash an affected application.

The third issue is caused by an input validation error when handling the "subtext" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrators's browser in the security context of an affected Web site.

ELOG V3.1.5-fe60aaf