CVE-2011-3626

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
drususlogsurfer
𝑥
≤ 1.5b
drususlogsurfer
1.1
drususlogsurfer
1.2
drususlogsurfer
1.3
drususlogsurfer
1.4
drususlogsurfer
1.5
drususlogsurfer
1.5:beta
drususlogsurfer
1.5:beta2
drususlogsurfer
1.5a:a
drususlogsurfer
1.41
kerry_thompsonlogsurfer\+
𝑥
≤ 1.7
kerry_thompsonlogsurfer\+
1.5a:a
kerry_thompsonlogsurfer\+
1.5b:b
kerry_thompsonlogsurfer\+
1.6
kerry_thompsonlogsurfer\+
1.6a:a
kerry_thompsonlogsurfer\+
1.6b:b
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/46389
http://secunia.com/advisories/47725
http://security.gentoo.org/glsa/glsa-201201-04.xml
http://www.openwall.com/lists/oss-security/2011/10/17/2
http://www.openwall.com/lists/oss-security/2011/10/17/4
https://bugs.gentoo.org/show_bug.cgi?id=387397
http://secunia.com/advisories/46389
http://secunia.com/advisories/47725
http://security.gentoo.org/glsa/glsa-201201-04.xml
http://www.openwall.com/lists/oss-security/2011/10/17/2
http://www.openwall.com/lists/oss-security/2011/10/17/4
https://bugs.gentoo.org/show_bug.cgi?id=387397