Title: Medium Impact Vulnerability in Elog Web Application Date: August 18, 2010 Summary ------- Elog is a stand-alone weblog, popular in the scientific community. It allows easy exchange of messages between users. It is written in C and maintained by Stefan Ritt of PSI. Elog versions prior to 2.8.0 contain vulnerabilities that allow user passwords to be stolen, and may allow arbitrary code execution. This advisory is based on information graciously provided by CERN. Details ------- Three security issues have been identified in the Elog application: 1. Incorrect use of cryptography which could lead to password leaks and other problems. The new version automatically converts the password file to the new format. However, if encryption was enabled previously, this update will have the effect that all of the users will have to re-type their passwords (via the "forgot password" mechanism). It is nonetheless recommended to convert. 2. XSS problem (which combined with the problem above is a viable channel for the password theft). 3. Unspecified vulnerability, potentially allowing execution of arbitrary code by the local users (via stack buffer overflow). The problems were identified by Lukasz Olejnik (CERN/PSNC). The new version 2.8.0 introduces fixes to these problems. Please find it here: https://midas.psi.ch/elog/ Recommended Actions ------------------- Affected sites are recommended to update their Elog instances as soon as possible.