CVE-2011-3626

Name: CVE-2011-3626
Creator: NVD / NIST
Published: 2012-01-27T15:55:04.14+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.18%

Last modified Jun 16, 2026

CVE-2011-3626 is a vulnerability of currently unknown severity. Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.. EPSS estimates a 2.18% chance of exploitation in the next 30 days.

Description

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.

Metrics

EPSS Probability

2.18%

80.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Drusus	Logsurfer	<= 1.5b
Drusus	Logsurfer	1.1
Drusus	Logsurfer	1.2
Drusus	Logsurfer	1.3
Drusus	Logsurfer	1.4
Drusus	Logsurfer	1.5
Drusus	Logsurfer	1.5a
Drusus	Logsurfer	1.41
Kerry Thompson	Logsurfer\+	<= 1.7
Kerry Thompson	Logsurfer\+	1.5a
Kerry Thompson	Logsurfer\+	1.5b
Kerry Thompson	Logsurfer\+	1.6
Kerry Thompson	Logsurfer\+	1.6a
Kerry Thompson	Logsurfer\+	1.6b

References

http://secunia.com/advisories/46389Vendor Advisory
http://secunia.com/advisories/47725Vendor Advisory
http://security.gentoo.org/glsa/glsa-201201-04.xmlVendor Advisory
http://www.openwall.com/lists/oss-security/2011/10/17/2Patch
http://www.openwall.com/lists/oss-security/2011/10/17/4
https://bugs.gentoo.org/show_bug.cgi?id=387397Patch, Vendor Advisory
http://secunia.com/advisories/46389Vendor Advisory
http://secunia.com/advisories/47725Vendor Advisory
http://security.gentoo.org/glsa/glsa-201201-04.xmlVendor Advisory
http://www.openwall.com/lists/oss-security/2011/10/17/2Patch
http://www.openwall.com/lists/oss-security/2011/10/17/4
https://bugs.gentoo.org/show_bug.cgi?id=387397Patch, Vendor Advisory

Timeline

Published: Jan 27, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-3626?

How severe is CVE-2011-3626?

Severity scoring for CVE-2011-3626 is pending analysis. The EPSS model estimates a 2.18% probability of exploitation in the next 30 days.

How do I fix CVE-2011-3626?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-3626?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST