Debian DSA-967-1 : elog - several vulnerabilities

high Nessus Plugin ID 22833

Synopsis

The remote Debian host is missing a security-related update.

Description

Several security problems have been found in elog, an electronic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems :

- CVE-2005-4439 'GroundZero Security' discovered that elog insufficiently checks the size of a buffer used for processing URL parameters, which might lead to the execution of arbitrary code.

- CVE-2006-0347 It was discovered that elog contains a directory traversal vulnerability in the processing of '../' sequences in URLs, which might lead to information disclosure.

- CVE-2006-0348 The code to write the log file contained a format string vulnerability, which might lead to the execution of arbitrary code.

- CVE-2006-0597 Overly long revision attributes might trigger a crash due to a buffer overflow.

- CVE-2006-0598 The code to write the log file does not enforce bounds checks properly, which might lead to the execution of arbitrary code.

- CVE-2006-0599 elog emitted different errors messages for invalid passwords and invalid users, which allows an attacker to probe for valid user names.

- CVE-2006-0600 An attacker could be driven into infinite redirection with a crafted 'fail' request, which has denial of service potential.

Solution

Upgrade the elog package.

The old stable distribution (woody) does not contain elog packages.

For the stable distribution (sarge) these problems have been fixed in version 2.5.7+r1558-4+sarge2.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528

https://security-tracker.debian.org/tracker/CVE-2005-4439

https://security-tracker.debian.org/tracker/CVE-2006-0347

https://security-tracker.debian.org/tracker/CVE-2006-0348

https://security-tracker.debian.org/tracker/CVE-2006-0597

https://security-tracker.debian.org/tracker/CVE-2006-0598

https://security-tracker.debian.org/tracker/CVE-2006-0599

https://security-tracker.debian.org/tracker/CVE-2006-0600

http://www.debian.org/security/2006/dsa-967

Plugin Details

Severity: High

ID: 22833

File Name: debian_DSA-967.nasl

Version: 1.20

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:elog, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 2/10/2006

Vulnerability Publication Date: 4/22/2005

Reference Information

CVE: CVE-2005-4439, CVE-2006-0347, CVE-2006-0348, CVE-2006-0597, CVE-2006-0598, CVE-2006-0599, CVE-2006-0600

DSA: 967