PT-2002-2772 · Modlogan · Modlogan
Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2051
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ModLogAn versions 0.5.0 through 0.7.11
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file when the processor web plugin is used with the splitby option.
Recommendations
For ModLogAn versions 0.5.0 through 0.7.11, consider disabling the processor web plugin or the splitby option as a temporary workaround until a patch is available. Restrict access to the log files to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Modlogan