Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 1242-1 (elog)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to elog announced via advisory DSA 1242-1. Several remote vulnerabilities have been discovered in elog, a web-based electronic logbook, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-5063 Tilman Koschnick discovered that log entry editing in HTML is vulnerable to cross-site scripting. This update disables the vulnerable code. CVE-2006-5790 Ulf Harnhammar of the Debian Security Audit Project discovered several format string vulnerabilities in elog, which may lead to execution of arbitrary code. CVE-2006-5791 Ulf Harnhammar of the Debian Security Audit Project discovered cross-site scripting vulnerabilities in the creation of new logbook entries. CVE-2006-6318 Jayesh KS and Arun Kethipelly of OS2A discovered that elog performs insufficient error handling in config file parsing, which may lead to denial of service through a NULL pointer dereference.
Solution
Solution
For the stable distribution (sarge) these problems have been fixed in version 2.5.7+r1558-4+sarge3. The upcoming stable distribution (etch) will no longer include elog. For the unstable distribution (sid) these problems have been fixed in version 2.6.2+r1754-1. We recommend that you upgrade your elog package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201242-1