
ELOG Web Logbook Remote Denial of Service Vulnerability







Remote exploitation of a denial of service vulnerability in ELOG's
elogd server allows attackers to crash the service, thereby preventing
legitimate access.
(http://midas.psi.ch/elog/index.html) 

Attached is the advisory which details the vulnerability.

Thanks,
OS2A

