| VID | 21817 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
A version of ELOG Web Logbook older than 2.5.7 was detected on the host. ELOG is a freely available, open-source Web-based logbook program. ELOG 2.5.6 and earlier are affected by a heap-based buffer overflow and an information disclosure vulnerability. A remote attacker could exploit the overflow to execute arbitrary code on the affected system, and the information disclosure to bypass authentication and download a configuration file that contains the sensitive write password.
* Note: This check relies solely on the version number that the remote Web server reports for ELOG Web Logbook, so it may be a false positive (for example, if the fix was backported without changing the version string). Confirm the installed version on the host before treating the finding as exploitable.
* References: http://www.securiteam.com/exploits/5OP0B0UEUG.html, http://secunia.com/advisories/14268/
* Platforms Affected: ELOG 2.5.6 and earlier; Linux (any version); Unix (any version)
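The following is an added example of the kind of version-only check described in the note above; it is not the scanner's own code nor part of the ELOG project. It assumes that an ELOG server identifies itself either with a "Server: ELOG HTTP <version>" response header or with an "ELOG V<version>" string in the page body; both banner forms and all sample responses below are constructed for illustration. It shows why the finding can be a false positive: the verdict is taken purely from the advertised version string, so a host with a backported fix and an old version number is still flagged.

```python
"""Version-only check for ELOG Web Logbook < 2.5.7 (illustrative, not the scanner's code)."""
import http.client
import re
import sys
from typing import Optional, Tuple

# Versions strictly below this are reported as vulnerable (advisory fix version).
FIXED_VERSION: Tuple[int, int, int] = (2, 5, 7)

# Assumed banner forms: a "Server: ELOG HTTP <ver>" header from elogd, or an
# "ELOG V<ver>" string in the page footer. Adjust if a target advertises
# itself differently; these patterns are an assumption of this example.
BANNER_RE = re.compile(r"\bELOG\s+(?:HTTP\s+)?V?(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)

# Constructed sample responses (not captured from real hosts).
SAMPLE_RESPONSES = {
    "vulnerable": (
        "HTTP/1.1 200 OK\r\nServer: ELOG HTTP 2.5.6\r\n"
        "Content-Type: text/html\r\n\r\n<html><body>Logbook</body></html>"
    ),
    "patched": "HTTP/1.1 200 OK\r\nServer: ELOG HTTP 2.5.7\r\n\r\n<html></html>",
    "footer_only": (
        "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"
        "<html><body><center><i>ELOG V2.5.4-3</i></center></body></html>"
    ),
    "not_elog": "HTTP/1.1 200 OK\r\nServer: Apache/2.4\r\n\r\n<html>hello</html>",
}


def extract_version(response: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from the first ELOG banner found, else None."""
    m = BANNER_RE.search(response)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def assess(response: str) -> str:
    """Classify one raw HTTP response as 'not-elog', 'vulnerable' or 'patched'.

    As in the scanner check, the verdict rests on the advertised version only,
    so a host running a backported fix with an old version string is still
    flagged; that is the false-positive case the advisory note warns about.
    """
    version = extract_version(response)
    if version is None:
        return "not-elog"
    return "vulnerable" if version < FIXED_VERSION else "patched"


def fetch_response(host: str, port: int = 80, path: str = "/", timeout: float = 5.0) -> str:
    """Fetch the status line, headers and start of the body as one string (uses the network)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        headers = "".join(f"{k}: {v}\r\n" for k, v in resp.getheaders())
        body = resp.read(8192).decode("latin-1", errors="replace")
        return f"HTTP/1.1 {resp.status} {resp.reason}\r\n{headers}\r\n{body}"
    finally:
        conn.close()


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        # Live mode: python elog_check.py <host> [port]
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(host, port, assess(fetch_response(host, port)))
    else:
        # Offline mode over the constructed samples.
        for name, raw in SAMPLE_RESPONSES.items():
            print(f"{name:12s} version={extract_version(raw)} verdict={assess(raw)}")
```

Run without arguments to see the verdicts for the constructed samples, or with a host and port to query a live server. Because the banner is the only evidence, a "vulnerable" verdict should be confirmed against the package actually installed on the host, exactly as the note recommends.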
| Recommendation | Upgrade to the latest version of ELOG (2.5.7 or later), available from the ELOG Download Web page at http://midas.psi.ch/elog/download.html |
| Related URL | CVE-2005-0439, CVE-2005-0440 (CVE) |
| Related URL | 12556, 12639, 12640 (SecurityFocus) |
| Related URL | 19313, 19323 (ISS) |