Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   Crafted URL causes elog to coredump, posted by Steve Jones on Sat Mar 4 06:08:29 2006 
    icon2.gif   Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 14:04:12 2006 
       icon2.gif   Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 17:35:52 2006 
          icon2.gif   Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 17:45:18 2006 
             icon2.gif   Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:04:39 2006 
             icon2.gif   Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:06:32 2006 
                icon2.gif   [UPDATE] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:54:32 2006 
                   icon2.gif   [UPDATE2] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 18:05:54 2006 
                      icon2.gif   [Segmentation Fault source identified] Verbose Output: Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 20:19:14 2006 
Message ID: 1748     Entry time: Sat Mar 4 06:08:29 2006     Reply to this: 1752
Icon: Warning  Author: Steve Jones  Author Email: steve.jones@freescale.com 
Category: Bug report  OS: All  ELOG Version: 2.6.1-1660 
Subject: Crafted URL causes elog to coredump 
While playing with TOP GROUP I managed to get elog 2.6.1 1660 on Solaris 9 to coredump. Since I didn't really understand TOP GROUP I tried a URL where I had http://elog.server.com/topgroupname/logbookname. Putting that logbookname at the end caused elog to dump.

Can this be reproduced by others?
ELOG V3.1.5-3fb85fa6