ID: CVE-2006-5791
Type: cve
Reporter: cve@mitre.org
Modified: 2017-07-20T01:33:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which are not properly handled in an error message by the submit_elog function.
{"id": "CVE-2006-5791", "bulletinFamily": "NVD", "title": "CVE-2006-5791", "description": "Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.", "published": "2006-11-07T23:07:00", "modified": "2017-07-20T01:33:00", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5791", "reporter": "cve@mitre.org", "references": ["http://www.debian.org/security/2006/dsa-1242", "http://secunia.com/advisories/22638", "http://www.securityfocus.com/bid/20881", "http://www.securityfocus.com/bid/20882", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016", "http://secunia.com/advisories/23580", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29986", "http://www.vupen.com/english/advisories/2006/4315"], "cvelist": ["CVE-2006-5791"], "type": "cve", "lastseen": "2019-05-29T18:08:34", "history": [], "edition": 1, "hash": "d8a7f49a2f8ffcaf826604d5a5555c53ee59d91c25efaf2a51b24d665eac94b7", "viewCount": 0, "enchantments": {"score": {"value": 4.2, "vector": "NONE", "modified": "2019-05-29T18:08:34"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:30177", "OSVDB:30176"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1242.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:57750"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1242-1:23AF0"]}], "modified": "2019-05-29T18:08:34"}, "vulnersScore": 4.2}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "stefan_ritt elog_web_logbook", "operator": "le", "version": "2.6.2"}], "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://midas.psi.ch/elog/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016\n[Secunia Advisory ID:22638](https://secuniaresearch.flexerasoftware.com/advisories/22638/)\n[Secunia Advisory ID:23580](https://secuniaresearch.flexerasoftware.com/advisories/23580/)\n[Related OSVDB ID: 30176](https://vulners.com/osvdb/OSVDB:30176)\n[Related OSVDB ID: 30175](https://vulners.com/osvdb/OSVDB:30175)\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1242\nFrSIRT Advisory: ADV-2006-4315\n[CVE-2006-5791](https://vulners.com/cve/CVE-2006-5791)\n", "modified": "2006-10-09T10:03:50", "published": "2006-10-09T10:03:50", "href": "https://vulners.com/osvdb/OSVDB:30177", "id": "OSVDB:30177", "title": "ELOG submit_elog Function Multiple Field XSS", "type": "osvdb", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://midas.psi.ch/elog/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016\n[Secunia Advisory ID:22638](https://secuniaresearch.flexerasoftware.com/advisories/22638/)\n[Secunia Advisory ID:23580](https://secuniaresearch.flexerasoftware.com/advisories/23580/)\n[Related OSVDB ID: 30177](https://vulners.com/osvdb/OSVDB:30177)\n[Related OSVDB ID: 30175](https://vulners.com/osvdb/OSVDB:30175)\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1242\nFrSIRT Advisory: ADV-2006-4315\n[CVE-2006-5791](https://vulners.com/cve/CVE-2006-5791)\n", "modified": "2006-10-09T10:03:50", "published": "2006-10-09T10:03:50", "href": "https://vulners.com/osvdb/OSVDB:30176", "id": "OSVDB:30176", "title": "ELOG send_file_direct Function 
Error Message XSS", "type": "osvdb", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to elog\nannounced via advisory DSA 1242-1.\n\nSeveral remote vulnerabilities have been discovered in elog, a web-based\nelectronic logbook, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-5063\n\nTilman Koschnick discovered that log entry editing in HTML is vulnerable\nto cross-site scripting. This update disables the vulnerable code.\n\nCVE-2006-5790\n\nUlf Harnhammar of the Debian Security Audit Project discovered several\nformat string vulnerabilities in elog, which may lead to execution of\narbitrary code.\n\nCVE-2006-5791\n\nUlf Harnhammar of the Debian Security Audit Project discovered\ncross-site scripting vulnerabilities in the creation of new logbook\nentries.\n\nCVE-2006-6318\n\nJayesh KS and Arun Kethipelly of OS2A discovered that elog performs\ninsufficient error handling in config file parsing, which may lead to\ndenial of service through a NULL pointer dereference.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57750", "id": "OPENVAS:57750", "title": "Debian Security Advisory DSA 1242-1 (elog)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1242_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1242-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 2.5.7+r1558-4+sarge3.\n\nThe upcoming stable distribution (etch) will no longer include elog.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.6.2+r1754-1.\n\nWe recommend that you upgrade your elog package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201242-1\";\ntag_summary = \"The remote host is missing an update to elog\nannounced via advisory DSA 1242-1.\n\nSeveral remote vulnerabilities have been discovered in elog, a web-based\nelectronic logbook, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-5063\n\nTilman Koschnick discovered that log entry editing in HTML is vulnerable\nto cross-site scripting. 
This update disables the vulnerable code.\n\nCVE-2006-5790\n\nUlf Harnhammar of the Debian Security Audit Project discovered several\nformat string vulnerabilities in elog, which may lead to execution of\narbitrary code.\n\nCVE-2006-5791\n\nUlf Harnhammar of the Debian Security Audit Project discovered\ncross-site scripting vulnerabilities in the creation of new logbook\nentries.\n\nCVE-2006-6318\n\nJayesh KS and Arun Kethipelly of OS2A discovered that elog performs\ninsufficient error handling in config file parsing, which may lead to\ndenial of service through a NULL pointer dereference.\";\n\n\nif(description)\n{\n script_id(57750);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-5063\", \"CVE-2006-5790\", \"CVE-2006-5791\", \"CVE-2006-6318\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1242-1 (elog)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"elog\", ver:\"2.5.7+r1558-4+sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T02:20:58", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in elog, a\nweb-based electronic logbook, which may lead to the execution of\narbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2006-5063\n Tilman Koschnick discovered that log entry editing in\n HTML is vulnerable to cross-site scripting. 
This update\n disables the vulnerable code.\n\n - CVE-2006-5790\n Ulf Harnhammar of the Debian Security Audit Project\n discovered several format string vulnerabilities in\n elog, which may lead to execution of arbitrary code.\n\n - CVE-2006-5791\n Ulf Harnhammar of the Debian Security Audit Project\n discovered cross-site scripting vulnerabilities in the\n creation of new logbook entries.\n\n - CVE-2006-6318\n Jayesh KS and Arun Kethipelly of OS2A discovered that\n elog performs insufficient error handling in config file\n parsing, which may lead to denial of service through a\n NULL pointer dereference.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-1242.NASL", "href": "https://www.tenable.com/plugins/nessus/23947", "published": "2006-12-30T00:00:00", "title": "Debian DSA-1242-1 : elog - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1242. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23947);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:20\");\n\n script_cve_id(\"CVE-2006-5063\", \"CVE-2006-5790\", \"CVE-2006-5791\", \"CVE-2006-6318\");\n script_xref(name:\"DSA\", value:\"1242\");\n\n script_name(english:\"Debian DSA-1242-1 : elog - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in elog, a\nweb-based electronic logbook, which may lead to the execution of\narbitrary code. 
The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2006-5063\n Tilman Koschnick discovered that log entry editing in\n HTML is vulnerable to cross-site scripting. This update\n disables the vulnerable code.\n\n - CVE-2006-5790\n Ulf Harnhammar of the Debian Security Audit Project\n discovered several format string vulnerabilities in\n elog, which may lead to execution of arbitrary code.\n\n - CVE-2006-5791\n Ulf Harnhammar of the Debian Security Audit Project\n discovered cross-site scripting vulnerabilities in the\n creation of new logbook entries.\n\n - CVE-2006-6318\n Jayesh KS and Arun Kethipelly of OS2A discovered that\n elog performs insufficient error handling in config file\n parsing, which may lead to denial of service through a\n NULL pointer dereference.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-6318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1242\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the elog package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.5.7+r1558-4+sarge3.\n\nThe upcoming stable distribution (etch) will no longer include elog.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:elog\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"elog\", reference:\"2.5.7+r1558-4+sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:52", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1242-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 27th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : elog\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-5063 CVE-2006-5790 CVE-2006-5791 CVE-2006-6318\n\nSeveral remote vulnerabilities have been discovered in elog, a 
web-based\nelectronic logbook, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2006-5063\n\n Tilman Koschnick discovered that log entry editing in HTML is vulnerable\n to cross-site scripting. This update disables the vulnerable code.\n\nCVE-2006-5790\n\n Ulf Harnhammar of the Debian Security Audit Project discovered several\n format string vulnerabilities in elog, which may lead to execution of\n arbitrary code.\n\nCVE-2006-5791\n\n Ulf Harnhammar of the Debian Security Audit Project discovered \n cross-site scripting vulnerabilities in the creation of new logbook\n entries.\n\nCVE-2006-6318\n\n Jayesh KS and Arun Kethipelly of OS2A discovered that elog performs\n insufficient error handling in config file parsing, which may lead to\n denial of service through a NULL pointer dereference.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.5.7+r1558-4+sarge3.\n\nThe upcoming stable distribution (etch) will no longer include elog.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.6.2+r1754-1.\n\nWe recommend that you upgrade your elog package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2006-12-27T00:00:00", "published": "2006-12-27T00:00:00", "id": "DEBIAN:DSA-1242-1:23AF0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00343.html", "title": "[SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}