漏洞信息详情
ELOG Web Logbook 'elogd.c' show_elog_list函数拒绝服务漏洞
- CNNVD编号:CNNVD-200612-591
- 危害等级: 中危
- CVE编号: CVE-2006-6318
- 漏洞类型: 其他
- 发布时间: 2006-12-28
- 威胁类型: 远程
- 更新时间: 2007-01-10
- 厂 商: stefan_ritt
- 漏洞来源: Jayesh KS and Arun...
漏洞简介
elog 2.6.2及更早版本中的elogd.c中的show_elog_list函数存在拒绝服务漏洞。远程认证用户通过试图访问名字以\"global\"开始的logbook,导致空指针引用,从而发起拒绝服务攻击(守护程序崩溃)。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Elog Web Logbook Elog Web Logbook 2.0 .0
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.1
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.2
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.3
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.4
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.0.5
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1 .0
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.1
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.2
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.1.3
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2 .0
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.1
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.2
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.3
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.2.4
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.4
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.5
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.5.6
Elog Web Logbook elog-latest.tar.gz
http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz
Elog Web Logbook Elog Web Logbook 2.5.7
Debian elog_2.5.7+r1558-4+sarge3_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_alpha.deb
Debian elog_2.5.7+r1558-4+sarge3_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_amd64.deb
Debian elog_2.5.7+r1558-4+sarge3_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_arm.deb
Debian elog_2.5.7+r1558-4+sarge3_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_hppa.deb
Debian elog_2.5.7+r1558-4+sarge3_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_i386.deb
Debian elog_2.5.7+r1558-4+sarge3_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_ia64.deb
Debian elog_2.5.7+r1558-4+sarge3_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_m68k.deb
Debian elog_2.5.7+r1558-4+sarge3_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_mips.deb
Debian elog_2.5.7+r1558-4+sarge3_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_mipsel.deb
Debian elog_2.5.7+r1558-4+sarge3_powerpc.deb
Debian GNU/Linux 3.1 alias sarg
参考网址
来源: BID
名称: 21028
链接:http://www.securityfocus.com/bid/21028
来源: DEBIAN
名称: DSA-1242
链接:http://www.debian.org/security/2006/dsa-1242
来源: SECUNIA
名称: 23580
链接:http://secunia.com/advisories/23580
来源: MISC
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875
来源: BUGTRAQ
名称: 20061113 ELOG Web Logbook Remote Denial of Service Vulnerability
链接:http://www.securityfocus.com/archive/1/451351
来源: SECTRACK
名称: 1017450
链接:http://securitytracker.com/id?1017450
来源: OSVDB
名称: 30272
链接:http://www.osvdb.org/30272
来源: VUPEN
名称: ADV-2006-4423
链接:http://www.frsirt.com/english/advisories/2006/4423
来源: SREASON
名称: 2060
链接:http://securityreason.com/securityalert/2060
来源: SECUNIA
名称: 22800
链接:http://secunia.com/advisories/22800
来源: FULLDISC
名称: 20061112 ELOG Web Logbook Remote Denial of Service Vulnerability
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.HTML
受影响实体
- Stefan_ritt Elog_web_logbook:2.1.0
- Stefan_ritt Elog_web_logbook:2.0.5
- Stefan_ritt Elog_web_logbook:2.0.4
- Stefan_ritt Elog_web_logbook:2.0.3
- Stefan_ritt Elog_web_logbook:2.0.2
补丁
暂无
评论