漏洞信息详情

ELOG Web Logbook 'elogd.c' show_elog_list函数拒绝服务漏洞

  • CNNVD编号:CNNVD-200612-591
  • 危害等级: 中危
  • CVE编号: CVE-2006-6318
  • 漏洞类型: 其他
  • 发布时间: 2006-12-28
  • 威胁类型: 远程
  • 更新时间: 2007-01-10
  • 厂        商: stefan_ritt
  • 漏洞来源: Jayesh KS and Arun...

漏洞简介

elog 2.6.2及更早版本中的elogd.c中的show_elog_list函数存在拒绝服务漏洞。远程认证用户通过试图访问名字以\"global\"开始的logbook,导致空指针引用,从而发起拒绝服务攻击(守护程序崩溃)。

漏洞公告

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:

Elog Web Logbook Elog Web Logbook 2.0 .0

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.0.1

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.0.2

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.0.3

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.0.4

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.0.5

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.1 .0

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.1.1

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.1.2

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.1.3

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.2 .0

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.2.1

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.2.2

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.2.3

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.2.4

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.4

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.5

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.5.6

Elog Web Logbook elog-latest.tar.gz

http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz

Elog Web Logbook Elog Web Logbook 2.5.7

Debian elog_2.5.7+r1558-4+sarge3_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_alpha.deb

Debian elog_2.5.7+r1558-4+sarge3_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_amd64.deb

Debian elog_2.5.7+r1558-4+sarge3_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_arm.deb

Debian elog_2.5.7+r1558-4+sarge3_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_hppa.deb

Debian elog_2.5.7+r1558-4+sarge3_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_i386.deb

Debian elog_2.5.7+r1558-4+sarge3_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_ia64.deb

Debian elog_2.5.7+r1558-4+sarge3_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_m68k.deb

Debian elog_2.5.7+r1558-4+sarge3_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_mips.deb

Debian elog_2.5.7+r1558-4+sarge3_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge3_mipsel.deb

Debian elog_2.5.7+r1558-4+sarge3_powerpc.deb

Debian GNU/Linux 3.1 alias sarg

参考网址

来源: BID

名称: 21028

链接:http://www.securityfocus.com/bid/21028

来源: DEBIAN

名称: DSA-1242

链接:http://www.debian.org/security/2006/dsa-1242

来源: SECUNIA

名称: 23580

链接:http://secunia.com/advisories/23580

来源: MISC

链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397875

来源: BUGTRAQ

名称: 20061113 ELOG Web Logbook Remote Denial of Service Vulnerability

链接:http://www.securityfocus.com/archive/1/451351

来源: SECTRACK

名称: 1017450

链接:http://securitytracker.com/id?1017450

来源: OSVDB

名称: 30272

链接:http://www.osvdb.org/30272

来源: VUPEN

名称: ADV-2006-4423

链接:http://www.frsirt.com/english/advisories/2006/4423

来源: SREASON

名称: 2060

链接:http://securityreason.com/securityalert/2060

来源: SECUNIA

名称: 22800

链接:http://secunia.com/advisories/22800

来源: FULLDISC

名称: 20061112 ELOG Web Logbook Remote Denial of Service Vulnerability

链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0198.html

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多