Discussion forum about ELOG
once a week we are having elogd segault?, posted by mathew goebel on Fri Jul 18 17:46:43 2025
    Re: once a week we are having elogd segault?, posted by mathew goebel on Wed Aug 6 17:08:46 2025
        Re: once a week we are having elogd segault?, posted by Stefan Ritt on Thu Aug 7 11:04:39 2025
Message ID: 69887     Entry time: Thu Aug 7 11:04:39 2025     In reply to: 69886
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Question  OS: Linux  ELOG Version: V3.1.5-30a 
Subject: Re: once a week we are having elogd segault? 

Probably some very strange URL from Nexpose to trigger a potential buffer overflow. If I get the precise URL which crashes elogd, I can reproduce and fix it.

Otherwise my usual advice: Run elogd behind an Apache proxy and do the authentication there. This way Nexpose does not get to elogd, it will stop at the Apache (without the proper credentials).

Stefan

mathew goebel wrote:

We have since discovered that the security team is scanning the box in question once a week when the service crashes, with Nexpose.

So if you see something similar then you might want to explore that.

mathew goebel wrote:

Jul 17 20:36:21 elog kernel: elogd[179095]: segfault at 7ffda4d82000 ip 00007f97033a1406 sp 00007ffda4d58c38 error 6 in libc-2.28.so[7f9703374000+1cd000]

Elog version ELOG V3.1.5-30ada1df 

Running on a Red Hat 8 enterprise server

compiled with a Makefile change :: change -Wno-unused-result to -Wno-unused-value

Wondering if anyone has been seeing this?
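
Added example, not part of the original thread and not ELOG code: a Python helper for finding the "precise URL" asked for above, which decodes the kernel segfault line quoted in this thread and lists the requests logged in the seconds before it. The access-log lines are constructed, and the function names, the year argument (taken from the thread date) and the assumption that both logs share one clock and timezone are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Kernel line as quoted in the thread.
SEGFAULT = ("Jul 17 20:36:21 elog kernel: elogd[179095]: segfault at 7ffda4d82000 "
            "ip 00007f97033a1406 sp 00007ffda4d58c38 error 6 in "
            "libc-2.28.so[7f9703374000+1cd000]")
# Constructed sample access log (combined-log style), e.g. from a fronting proxy.
ACCESS = [
    '192.0.2.10 - - [17/Jul/2025:20:30:02 +0000] "GET /demo/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2025:20:36:20 +0000] "GET /PLACEHOLDER-REQUEST HTTP/1.1" 502 341',
    '192.0.2.10 - - [17/Jul/2025:20:40:11 +0000] "GET /demo/ HTTP/1.1" 503 299',
]
SEG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: (?P<comm>[^\[]+)\[(?P<pid>\d+)\]: "
    r"segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+)(?: in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+[0-9a-f]+\])?")
ACC_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\] ]+)[^\]]*\] "(?P<req>[^"]*)"')

def parse_segfault(line, year):
    """Decode one x86 'segfault at' kernel line; syslog omits the year, so pass it."""
    m = SEG_RE.match(line)
    if not m:
        return None
    err, addr = int(m["err"], 16), int(m["addr"], 16)
    return {
        "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "process": m["comm"], "pid": int(m["pid"]),
        # x86 page-fault error bits: 1 = page was present, 2 = write, 4 = user mode
        "page_present": bool(err & 1), "write": bool(err & 2), "user_mode": bool(err & 4),
        "object": m["obj"],
        # offset of the faulting instruction inside the object, for symbol lookup
        "offset": int(m["ip"], 16) - int(m["base"], 16) if m["base"] else None,
        "addr_above_sp": addr - int(m["sp"], 16),  # fault address relative to sp
        "page_aligned": addr % 4096 == 0,
    }

def requests_before(crash_time, access_lines, window_s=5):
    """Return (source, request line) pairs logged in the window_s seconds up to the crash."""
    hits = []
    for line in access_lines:
        m = ACC_RE.match(line)
        if not m:
            continue
        t = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")  # zone offset ignored
        if timedelta(0) <= crash_time - t <= timedelta(seconds=window_s):
            hits.append((m["src"], m["req"]))
    return hits
```

For the line in this thread, `parse_segfault(SEGFAULT, 2025)` reports a user-mode write to a non-present, page-aligned address 0x293c8 bytes above the stack pointer, at offset 0x2d406 in libc-2.28.so.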

 

 
