Unrated severityNVD Advisory· Published Jan 27, 2012· Updated Apr 29, 2026
CVE-2011-3626
CVE-2011-3626
Description
Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
Affected products
16cpe:2.3:a:drusus:logsurfer:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:drusus:logsurfer:*:*:*:*:*:*:*:*range: <=1.5b
- cpe:2.3:a:drusus:logsurfer:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5a:*:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5:beta:*:*:*:*:*:*
- cpe:2.3:a:drusus:logsurfer:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:kerry_thompson:logsurfer\+:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:kerry_thompson:logsurfer\+:*:*:*:*:*:*:*:*range: <=1.7
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.5a:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.5b:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.6a:*:*:*:*:*:*:*
- cpe:2.3:a:kerry_thompson:logsurfer\+:1.6b:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.openwall.com/lists/oss-security/2011/10/17/2nvdPatch
- bugs.gentoo.org/show_bug.cginvdPatchVendor Advisory
- secunia.com/advisories/46389nvdVendor Advisory
- secunia.com/advisories/47725nvdVendor Advisory
- security.gentoo.org/glsa/glsa-201201-04.xmlnvdVendor Advisory
- www.openwall.com/lists/oss-security/2011/10/17/4nvd
News mentions
0No linked articles in our index yet.