Vulnerability Details: CVE-2011-3626
Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
Vulnerability category: Memory Corruption
Products affected by CVE-2011-3626
- cpe:2.3:a:drusus:logsurfer:*:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5a:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5:beta:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:*:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.5b:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.5a:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.6b:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.6a:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3626
- EPSS score: 1.22% (probability of exploitation activity in the next 30 days)
- Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-3626
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-3626
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3626
- https://bugs.gentoo.org/show_bug.cgi?id=387397
  387397 – (CVE-2011-3626) <app-admin/logsurfer+-1.8 Double-free Vulnerability (CVE-2011-3626) (Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2011/10/17/4
  oss-security - Re: CVE request: double-free vulnerability in logsurfer
- http://www.openwall.com/lists/oss-security/2011/10/17/2
  oss-security - CVE request: double-free vulnerability in logsurfer (Patch)
- http://security.gentoo.org/glsa/glsa-201201-04.xml
  Logsurfer: Arbitrary code execution (GLSA 201201-04) — Gentoo security (Vendor Advisory)