CVE-2006-5790

Name of the Vulnerable Software and Affected Versions: ELOG versions 2.6.2 and earlier

Description: The issue concerns multiple format string vulnerabilities in the elogd.c file. These vulnerabilities can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. The vulnerabilities can be triggered through an entry with an attachment whose name contains format string specifiers in the el submit function, as well as potentially other vectors in the receive config, show rss feed, show elog list, show logbook node, and server loop functions.

Recommendations: For ELOG versions 2.6.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.