VULHUB ™

A vulnerability has been discovered in ModLogAn. Due to insufficient sanitization of data it may be possible for an attacker to cause heap corruption. This issue occurs while decoding URLs located in log files. By generating a malicious log entry it may be possible for an attacker to trigger this vulnerability when an unsuspecting admin runs ModLogAn. When the affected application attempts to process the malicious entry, invalid memory will be allocated for user-supplied data, effectively causing heap corruption. By exploiting this issue to overwrite a malloc() header, it may be possible to overwrite an arbitrary word in memory when the corrupted chunk is freed. This may result in arbitrary attacker-supplied instructions being executed with the privileges of the ModLogAn process.

A vulnerability has been discovered in ModLogAn. Due to insufficient sanitization of data it may be possible for an attacker to cause heap corruption. This issue occurs while decoding URLs located in log files. By generating a malicious log entry it may be possible for an attacker to trigger this vulnerability when an unsuspecting admin runs ModLogAn. When the affected application attempts to process the malicious entry, invalid memory will be allocated for user-supplied data, effectively causing heap corruption. By exploiting this issue to overwrite a malloc() header, it may be possible to overwrite an arbitrary word in memory when the corrupted chunk is freed. This may result in arbitrary attacker-supplied instructions being executed with the privileges of the ModLogAn process.