CVE-2011-3626

Name of the Vulnerable Software and Affected Versions Logsurfer+ versions prior to 1.8 Logsurfer version 1.5b and earlier Logsurfer+ version 1.7 and earlier

Description The issue concerns a double free vulnerability in the prepare exec function, which can be exploited remotely. This vulnerability may lead to a breach of confidentiality, integrity, and availability of protected information. It allows remote attackers to execute arbitrary commands via crafted strings in a log file.

Recommendations For Logsurfer+ versions prior to 1.8, update to version 1.8 or later. For Logsurfer version 1.5b and earlier, update to a version later than 1.5b. For Logsurfer+ version 1.7 and earlier, update to a version later than 1.7. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.