ELOG Web Logbook拒绝服务漏洞
| CNNVD-ID编号 | CNNVD-200602-167 | CVE编号 | CVE-2006-0600 |
| 发布时间 | 2006-02-13 | 更新时间 | 2006-02-14 |
| 漏洞类型 | 资料不足 | 漏洞来源 | These issues were disclosed in the referenced Debian security advisory. |
| 危险等级 | 中危 | 威胁类型 | 远程 |
| 厂商 | stefan_ritt | ||
漏洞介绍
elog 2.5.7 r1558-4之前的版本可使远程攻击者借助fail参数设置为1的请求(这将重定向到相同请求)造成拒绝服务(无限重定向)。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Elog Web Logbook Elog Web Logbook 2.5.7
Debian elog_2.5.7+r1558-4+sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_alpha.deb
Debian elog_2.5.7+r1558-4+sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_amd64.deb
Debian elog_2.5.7+r1558-4+sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_arm.deb
Debian elog_2.5.7+r1558-4+sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_hppa.deb
Debian elog_2.5.7+r1558-4+sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_i386.deb
Debian elog_2.5.7+r1558-4+sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_ia64.deb
Debian elog_2.5.7+r1558-4+sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_m68k.deb
Debian elog_2.5.7+r1558-4+sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_mips.deb
Debian elog_2.5.7+r1558-4+sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_mipsel.deb
Debian elog_2.5.7+r1558-4+sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_powerpc.deb
Debian elog_2.5.7+r1558-4+sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_s390.deb
Debian elog_2.5.7+r1558-4+sarge2_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_sparc.deb
参考网址
来源: DEBIAN
名称: DSA-967
链接:http://www.debian.org/security/2006/dsa-967
来源: SECUNIA
名称: 18783
链接:http://secunia.com/advisories/18783
来源: BID
名称: 16579
链接:http://www.securityfocus.com/bid/16579
来源: MISC
来源: MISC
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528
受影响实体
Stefan_ritt Elog_web_logbook:2.5.6 Stefan_ritt Elog_web_logbook:2.5 Stefan_ritt Elog_web_logbook:2.2.4 Stefan_ritt Elog_web_logbook:2.4 Stefan_ritt Elog_web_logbook:2.2.1信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-167
评论