ELOG

Demo Discussion

Forum Config Examples Contributions Vulnerabilities

Discussion forum about ELOG

Not logged in

Back | Find | Login | Help

Crafted URL causes elog to coredump, posted by Steve Jones on Sat Mar 4 06:08:29 2006

Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 14:04:12 2006

Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 17:35:52 2006

Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 17:45:18 2006

Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:04:39 2006

Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:06:32 2006

[UPDATE] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:54:32 2006

[UPDATE2] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 18:05:54 2006

[Segmentation Fault source identified] Verbose Output: Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 20:19:14 2006

Message ID: 1753 Entry time: Mon Mar 6 17:35:52 2006 In reply to: 1752 Reply to this: 1755

Icon:

Reply

Author:

Steve Jones

Author Email:

steve.jones@freescale.com

Category:

Bug report

OS:

All

ELOG Version:

2.6.1-1660

Subject:

Re: Crafted URL causes elog to coredump

Stefan Ritt wrote:

Steve Jones wrote:

While playing with TOP GROUP I managed to get elog 2.6.1 1660 on Solaris 9 to coredump. Since I didn't really understand TOP GROUP I tried a URL where I had http://elog.server.com/topgroupname/logbookname. Putting that logbookname at the end caused elog to dump.

Can this be reproduced by others?

No. This forum has the "elog" as the top group, "Forum" as the logbook, so if I write

http://midas.psi.ch/elogs/elog/Forum

it does not crash.

Quote:

Try a non-existent logbook - example http://midas.psi.ch/elogs/elog/NewForum. This is occurring under rev 1660.

ELOG V3.1.5-3fb85fa6