Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   Buffer Overflow?, posted by Chris Warner on Wed Jan 18 17:20:45 2006 
    icon2.gif   Re: Buffer Overflow?, posted by Stefan Ritt on Thu Jan 19 10:31:05 2006 
       icon7.gif   Re: Buffer Overflow?, posted by Chris Warner on Fri Jan 20 02:53:40 2006 
Message ID: 1615     Entry time: Fri Jan 20 02:53:40 2006     In reply to: 1608
Icon: Smile  Author: Chris Warner  Author Email: christopher_warner@dcd.uscourts.gov 
Category: Comment  OS: Linux  ELOG Version: 2.6 
Subject: Re: Buffer Overflow? 

Stefan Ritt wrote:

Chris Warner wrote:
Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?

To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd

view your password file in the browser.

If this was previously reported, is there a fix?

Chris Warner


Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).

I would strongly advise everybody to upgrade as soon as possible.


Thanks for the quick response!
ELOG V3.1.5-3fb85fa6