|Created:||January 23, 2012||Updated:||January 25, 2012|
|Description:||From the Gentoo advisory:
Logsurfer log files may contain substrings used for executing external commands. The prepare_exec() function in src/exec.c contains a double-free vulnerability.
A remote attacker could inject specially-crafted strings into a log file processed by Logsurfer, resulting in the execution of arbitrary code with the permissions of the Logsurfer user.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds