漏洞信息详情
ELOG Web Logbook堆栈的缓冲区溢出漏洞
- CNNVD编号:CNNVD-200602-162
- 危害等级: 高危
- CVE编号: CVE-2006-0597
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-02-13
- 威胁类型: 远程
- 更新时间: 2006-02-14
- 厂 商: stefan_ritt
- 漏洞来源: These issues were ...
漏洞简介
elog 2.5.7 r1558-4之前版本的elogd.c中存在多个基于堆栈的缓冲区溢出漏洞。远程攻击者可以借助长\"revision属性\"造成拒绝服务(应用程序崩溃),并可能执行代码。
漏洞公告
目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本。
log Web Logbook Elog Web Logbook 2.5.7
Debian elog_2.5.7+r1558-4+sarge2_alpha.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_alpha.deb
Debian elog_2.5.7+r1558-4+sarge2_amd64.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_amd64.deb
Debian elog_2.5.7+r1558-4+sarge2_arm.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_arm.deb
Debian elog_2.5.7+r1558-4+sarge2_hppa.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_hppa.deb
Debian elog_2.5.7+r1558-4+sarge2_i386.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_i386.deb
Debian elog_2.5.7+r1558-4+sarge2_ia64.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_ia64.deb
Debian elog_2.5.7+r1558-4+sarge2_m68k.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_m68k.deb
Debian elog_2.5.7+r1558-4+sarge2_mips.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_mips.deb
Debian elog_2.5.7+r1558-4+sarge2_mipsel.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_mipsel.deb
Debian elog_2.5.7+r1558-4+sarge2_powerpc.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_powerpc.deb
Debian elog_2.5.7+r1558-4+sarge2_s390.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_s390.deb
Debian elog_2.5.7+r1558-4+sarge2_sparc.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4
+sarge2_sparc.deb
参考网址
来源: DEBIAN
名称: DSA-967
链接:http://www.debian.org/security/2006/dsa-967
来源: SECUNIA
名称: 18783
链接:http://secunia.com/advisories/18783
来源: BID
名称: 16579
链接:http://www.securityfocus.com/bid/16579
来源: MISC
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528
来源: MISC
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi/0001-r1333-Fixed-crashes-with-very-long-revisions-attributes.txt?bug=349528;msg=15;att=1
来源: XF
名称: elog-elogd-bo(24704)
链接:http://xforce.iss.net/xforce/xfdb/24704
受影响实体
- Stefan_ritt Elog_web_logbook:2.0.0
- Stefan_ritt Elog_web_logbook:2.0.1
- Stefan_ritt Elog_web_logbook:2.0.2
- Stefan_ritt Elog_web_logbook:2.0.3
- Stefan_ritt Elog_web_logbook:2.0.4
补丁
暂无
评论