Description: Jayesh KS and Arun Kethipelly have discovered a vulnerability in ELOG, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error when handling an URL with the logbook set to "global" (e.g. "http://[host]:8080/global/").
Successful exploitation crashes the elogd daemon, but requires valid user credentials when a read password is globally configured.
The vulnerability is confirmed in version 2.6.2-1. Other versions may also be affected.
Solution: Update to version 2.6.2-7.
Provided and/or discovered by: Jayesh KS and Arun Kethipelly
Changelog: 2006-11-10: Updated "Solution" section.
2007-02-20: Added CVE reference.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.