logsurfer: arbitrary code execution

Package(s): logsurfer
CVE #(s): CVE-2011-3626
Created: January 23, 2012
Updated: January 25, 2012
Description: From the Gentoo advisory:

Logsurfer log files may contain substrings used for executing external commands. The prepare_exec() function in src/exec.c contains a double-free vulnerability.

A remote attacker could inject specially-crafted strings into a log file processed by Logsurfer, resulting in the execution of arbitrary code with the permissions of the Logsurfer user.

Alerts:
Gentoo 201201-04 logsurfer 2012-01-20

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.