Analog ALIAS Buffer Overflow Vulnerability

Analog is a freely available log analysis tool that provides advanced features. It was originally written by Stephen Turner.

As designed, the software makes it possible for a user to remotely access network statistics using cgi scripts and HTTP FORM methods. When queried, the cgi accesses analog, and outputs statistics to a web page. Due to a buffer overflow in analog, and improper checking of input by the cgi program, it is possible for a user to supply a long ALIAS field to the analog program, which will result in a buffer overflow.

The problem makes it possible for a malicious user to remotely execute arbitrary code, and execute commands with privileges equal to the httpd process.


 

Privacy Statement
Copyright 2010, SecurityFocus