Discussion forum about ELOG
Elog 2.9.0 buffer overflow crash bug ubuntu linux, posted by John Rouillard on Sun Apr 10 01:49:01 2011
    Re: Elog 2.9.0 buffer overflow crash bug ubuntu linux, posted by Stefan Ritt on Fri Apr 15 08:49:26 2011
Message ID: 67049     Entry time: Fri Apr 15 08:49:26 2011     In reply to: 67044
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Bug report  OS: Linux  ELOG Version: 2.9.0 
Subject: Re: Elog 2.9.0 buffer overflow crash bug ubuntu linux 
> When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:
> 
> Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
> #015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]
> 
> openvas reports that it was testing for CVE-2002-1212 when the crash occurred.
> 
> Startup info:
> 
> Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
> Apr  9 19:35:54 unixland elogd[21584]: revision 2411
> 
> -- rouilj

I haven't tried openvas, but added a check for the negative content-length you have in the request
above in SVN revision 2413. Can you try if it still crashes?

- Stefan
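As an added illustration of the kind of check the reply describes (this is not ELOG's code; the function names, the MAX_BODY_LEN cap and the sample requests are assumptions), a Content-Length validator in C that rejects the negative value from the report, non-numeric values, and values too large to buffer, before any read is sized from the header:

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Placeholder cap on request bodies; a real daemon would take this from its config. */
#define MAX_BODY_LEN (10L * 1024 * 1024)
enum cl_status { CL_OK = 0, CL_MISSING, CL_NEGATIVE, CL_NOT_NUMERIC, CL_TOO_LARGE };

/* Constructed requests modelled on the syslog line in the report (body shortened). */
const char *const NEG_REQ  = "POST / HTTP/1.0\r\nHost: unixland.home\r\nContent-Length: -800\r\n\r\nXXXX";
const char *const OK_REQ   = "POST / HTTP/1.0\r\nHost: unixland.home\r\nContent-Length: 5\r\n\r\nhello";
const char *const HUGE_REQ = "POST / HTTP/1.0\r\nContent-Length: 99999999999999999999\r\n\r\n";

/* Return the value of a header (name matched case-insensitively), or NULL if absent. */
static const char *find_header(const char *req, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = req; (p = strchr(p, '\n')) != NULL; ) {
        if (strncasecmp(++p, name, n) == 0 && p[n] == ':') {
            for (p += n + 1; *p == ' ' || *p == '\t'; p++) {}
            return p;
        }
    }
    return NULL;
}

/* Parse Content-Length as digits only and bound it; strtol alone would accept "-800". */
enum cl_status parse_content_length(const char *req, long *out)
{
    const char *v = find_header(req, "Content-Length");
    char *end; long len;
    if (v == NULL) return CL_MISSING;
    if (*v == '-') return CL_NEGATIVE;
    if (!isdigit((unsigned char)*v)) return CL_NOT_NUMERIC;
    errno = 0;
    len = strtol(v, &end, 10);
    if (errno == ERANGE || len > MAX_BODY_LEN) return CL_TOO_LARGE;
    while (*end == ' ' || *end == '\t') end++;             /* tolerate trailing blanks */
    if (*end != '\r' && *end != '\n' && *end != '\0') return CL_NOT_NUMERIC;
    *out = len;
    return CL_OK;
}

/* Accepted body length, or -1 when the request must be rejected before any body is read. */
long accepted_length(const char *req)
{
    long len;
    return parse_content_length(req, &len) == CL_OK ? len : -1;
}
```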