Vulnerability Name:

CVE-2005-4439 (CCN-23838)

Assigned:2005-12-19
Published:2005-12-19
Updated:2017-07-20
Summary:Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon Dec 19 2005 - 04:10:29 CST
elogd 2.6.0 overflow

Source: MITRE
Type: CNA
CVE-2005-4439

Source: MITRE
Type: CNA
CVE-2006-0600

Source: CCN
Type: PenguinSoft Web site
elogd - web server program for Electronic Logbook ELOG Linux Man Page

Source: FULLDISC
Type: UNKNOWN
20051219 elogd 2.6.0 overflow

Source: CCN
Type: SA18124
ELOG Long Parameter Value Denial of Service Vulnerability

Source: SECUNIA
Type: Exploit, Vendor Advisory
18124

Source: SECUNIA
Type: UNKNOWN
18783

Source: CCN
Type: SECTRACK ID: 1015379
ELOG elogd Can Be Crashed By Remote Users

Source: SECTRACK
Type: UNKNOWN
1015379

Source: DEBIAN
Type: UNKNOWN
DSA-967

Source: DEBIAN
Type: DSA-967
elog -- several vulnerabilities

Source: OSVDB
Type: UNKNOWN
21844

Source: CCN
Type: OSVDB ID: 21844
ELOG Multiple Parameter Overflow DoS

Source: BID
Type: UNKNOWN
15932

Source: CCN
Type: BID-15932
ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities

Source: CCN
Type: BID-16579
ELOG Web Logbook Multiple Remote Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-3000

Source: XF
Type: UNKNOWN
elogd-http-request-bo(23838)

Source: XF
Type: UNKNOWN
elogd-http-request-bo(23838)

Source: XF
Type: UNKNOWN
elog-cmd-mode-bo(24703)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:elog:elogd:2.6.0_beta4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-4439 (CCN-24703)

    Assigned:2005-12-21
    Published:2006-02-10
    Updated:2006-02-10
    Summary:ELOG is vulnerable to a buffer overflow, caused by improper bounds checking of a URL. By sending a URL request containing an overly long cmd or mode parameter, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system or cause the application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
    5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2005-4439

    Source: CCN
    Type: Full-Disclosure Mailing List, 2005-12-19 10:10:29
    elogd 2.6.0 overflow

    Source: CCN
    Type: ELOG download page
    ELOG download page

    Source: CCN
    Type: SA18124
    ELOG Long Parameter Value Denial of Service Vulnerability

    Source: CCN
    Type: SECTRACK ID: 1015379
    ELOG elogd Can Be Crashed By Remote Users

    Source: DEBIAN
    Type: DSA-967
    elog -- several vulnerabilities

    Source: CCN
    Type: OSVDB ID: 21844
    ELOG Multiple Parameter Overflow DoS

    Source: CCN
    Type: BID-15932
    ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    elog-cmd-mode-bo(24703)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:967
    V
    		several vulnerabilities
    2006-02-10
    BACK
    elog elogd 2.6.0_beta4
    debian debian linux 3.1
    debian debian linux 3.1