Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-3626
Last Modified 30 Jan 2012 12:00:00
Published 27 Jan 2012 10:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3626

Summary

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.

Vulnerable Systems

Application

  • Drusus Logsurfer 1.1

  • Drusus Logsurfer 1.2

  • Drusus Logsurfer 1.3

  • Drusus Logsurfer 1.4

  • Drusus Logsurfer 1.41

  • Drusus Logsurfer 1.5

  • Drusus Logsurfer 1.5a

  • Drusus Logsurfer 1.5b

  • Kerry Thompson Logsurfer+ 1.5a

  • Kerry Thompson Logsurfer+ 1.5b

  • Kerry Thompson Logsurfer+ 1.6

  • Kerry Thompson Logsurfer+ 1.6a

  • Kerry Thompson Logsurfer+ 1.6b

  • Kerry Thompson Logsurfer+ 1.7


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=387397

MLIST - [oss-security] 20111017 Re: CVE request: double-free vulnerability in logsurfer

MLIST - [oss-security] 20111017 CVE request: double-free vulnerability in logsurfer

GENTOO - GLSA-201201-04

SECUNIA - 47725

SECUNIA - 46389


Last Updated: 27 May 2016 10:57:24