Discussion forum about ELOG
Buffer Overflow?, posted by Chris Warner on Wed Jan 18 17:20:45 2006
    Re: Buffer Overflow?, posted by Stefan Ritt on Thu Jan 19 10:31:05 2006
        Re: Buffer Overflow?, posted by Chris Warner on Fri Jan 20 02:53:40 2006
Message ID: 1607     Entry time: Wed Jan 18 17:20:45 2006     Reply to this: 1608
Icon: Warning  Author: Chris Warner  Author Email: christopher_warner@dcd.uscourts.gov 
Category: Bug report  OS: Linux  ELOG Version: 2.6 
Subject: Buffer Overflow? 
Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?

To recreate, enter http://yourhost.yourdomain.com/../../../../etc/passwd

View your password file in the browser.


If this was previously reported, is there a fix?

Chris Warner
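
The behaviour reported above is a path traversal: `..` segments in the request path climb out of the directory the server is meant to serve. As an added example (not part of the original post and not ELOG's own code or fix), here is one way a C web server could refuse such requests before touching the file system. The names `url_decode` and `request_path_is_safe` are hypothetical, and the sketch assumes the server maps the URL path onto files beneath a single root directory.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example with hypothetical helper names; not ELOG source code.
   Percent-decode src once; -1 on bad escape, encoded NUL, or overflow. */
static int url_decode(const char *src, char *dst, size_t n) {
    size_t o = 0;
    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            if (!isxdigit((unsigned char)src[0]) ||
                !isxdigit((unsigned char)src[1])) return -1;
            char h[3] = { src[0], src[1], '\0' };
            if ((c = (int)strtol(h, NULL, 16)) == 0) return -1;
            src += 2;
        }
        if (o + 1 >= n) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Returns 1 if the decoded path never climbs above the served root. */
int request_path_is_safe(const char *url_path) {
    char buf[1024];
    int depth = 0;
    if (url_path[0] != '/' || url_decode(url_path, buf, sizeof buf) != 0)
        return 0;
    if (strchr(buf, '\\')) return 0;          /* no alternate separators */
    for (const char *p = buf; *p; ) {
        while (*p == '/') p++;                /* skip empty segments */
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return 0;        /* ".." would leave the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                          /* ordinary segment */
        }
        p += len;
    }
    return 1;
}

int main(void) {
    /* Constructed sample paths; the first is the one from the report. */
    const char *t[] = { "/../../../../etc/passwd", "/%2e%2e/etc/passwd", "/demo/1607" };
    for (int i = 0; i < 3; i++)
        printf("%-26s %s\n", t[i], request_path_is_safe(t[i]) ? "serve" : "refuse");
}
```

This check is purely lexical and decodes the path exactly once, so later code must not decode it again. Where symbolic links may exist under the root, also compare the `realpath()` of the final file against the root before opening it.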