CVE-2011-3626

Published Jan 27, 2012

Last updated 13 years ago

CVSS info 7.5

Overview

Description: Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "660B25B1-F025-4141-86DB-756ECFE484DE",
            "versionEndIncluding": "1.5b"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7007B7A6-AC58-41D3-B12C-59EBBA32BB93"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34D6BCA4-7458-4E85-A46E-96D88EE1BB97"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B2D06B-C5DC-4352-A973-49928EC8D515"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A084F1D-D768-4609-8842-9B2B5C045F3A"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0139D7D-3707-49A4-8877-302C35BEEA30"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.5:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B85B99DD-667F-4DBD-8CFD-E90D244143DD"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.5:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D9DF3EA-5582-40F0-A65B-83672F98499E"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.5a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B68754D8-3C5A-446D-BB3E-0C20DC687141"
          },
          {
            "criteria": "cpe:2.3:a:drusus:logsurfer:1.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB0DACA3-2510-4148-B80C-0BAE97CD57E9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kerry_thompson:logsurfer\\+:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93A4C643-8516-47B1-9BBD-CF1950ECC4A4",
            "versionEndIncluding": "1.7"
          },
          {
            "criteria": "cpe:2.3:a:kerry_thompson:logsurfer\\+:1.5a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1426FD2C-CF14-492C-8B87-B6D2B20E5221"
          },
          {
            "criteria": "cpe:2.3:a:kerry_thompson:logsurfer\\+:1.5b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B11F967-3257-488C-BA94-508B2CAADBF0"
          },
          {
            "criteria": "cpe:2.3:a:kerry_thompson:logsurfer\\+:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BAEAD0D-148C-44A8-8468-75880D61CC74"
          },
          {
            "criteria": "cpe:2.3:a:kerry_thompson:logsurfer\\+:1.6a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBE3E01F-5632-4A1B-93C7-F676674836EC"
          },
          {
            "criteria": "cpe:2.3:a:kerry_thompson:logsurfer\\+:1.6b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C782C8C7-6B52-449B-BA87-DFB9F0DEB182"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References