PT-2011-1775 · Manageengine · Zoho Manageengine Eventlog Analyzer
Published
2011-09-27
·
Updated
2020-03-26
·
CVE-2010-4840
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ManageEngine EventLog Analyzer versions 6.1
Description
The issue is related to multiple buffer overflows in the Syslog server, which can be exploited by remote attackers. This can be achieved by sending a long Syslog PRI message header to UDP port 513 or 514, potentially causing a denial of service due to the SysEvttCol.exe process crash, or possibly allowing the execution of arbitrary code.
Recommendations
For ManageEngine EventLog Analyzer version 6.1, update to version 7.2 Build 7020 to resolve the issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Eventlog Analyzer