ELOG Configuration File Authorization Bypass Vulnerability Allowing Denial-of-Service and Potential Command Execution

A vulnerability in ELOG allows authenticated users to modify or overwrite the configuration file, leading to a denial-of-service condition. If the execute facility is enabled with the '-x' command line flag, this vulnerability could be exploited to execute operating system commands on the host machine. By default, ELOG does not permit shell commands or self-registration.

Impact

Exploitation of this vulnerability can cause a denial-of-service by disrupting normal application functionality. Additionally, if the execute facility is enabled, it could lead to unauthorized execution of operating system commands.

Reproduction

The vulnerability can be reproduced by an authenticated user who modifies or overwrites the ELOG configuration file. This can be done through the application's user interface or by directly uploading a file that replaces the configuration. If the '-x' command line flag is enabled, the same user could then execute operating system commands on the host machine.

Remediation

No fix is currently planned for this vulnerability.