ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
67709
|
Fri Oct 24 12:51:00 2014 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug fix | All | ALL | POODLE vulnerability |
IMPORTANT SECURITY ANNOUNCEMENT
Recently the POODLE vulnerability has been announced: http://en.wikipedia.org/wiki/POODLE
ELOG is prone to this vulnerability if it runs the SSL protocol directly and can be accessed from the internet. If ELOG runs behind an Apache proxy, and the Apache server has been correctly configured (with the SSLv23 protocols disabled), ELOG is safe as well.
To fix this vulnerability, ELOG needs to be recompiled after the attached patch has been applied. This prohibits ELOG from falling back to the insecure SSLv2 & v3 protocols and makes it use only the safe TLSv1 protocol.
If you do not know how to recompile ELOG, please do not run ELOG directly accessible from the internet until the next binary release has been published.
/Stefan Ritt |
Attachment 1: elogd.patch
|
diff --git a/src/elogd.c b/src/elogd.c
index fac34f8..13c619f 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -2342,7 +2342,7 @@ int ssl_connect(int sock, SSL ** ssl_con)
SSL_library_init();
SSL_load_error_strings();
- meth = (SSL_METHOD *) SSLv23_method();
+ meth = (SSL_METHOD *) TLSv1_method();
ctx = SSL_CTX_new(meth);
*ssl_con = SSL_new(ctx);
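Review bot: TLSv1_method() on the + line of ssl_connect() selects TLS 1.0 and nothing else, so this context can no longer negotiate TLS 1.1 or 1.2 with a peer that offers them, and the handshake fails against a peer that has TLS 1.0 switched off. To drop SSLv2 and SSLv3 without capping the version, keep SSLv23_method() and call SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3) right after SSL_CTX_new(meth). The context lines also hand ctx to SSL_new() without checking the SSL_CTX_new() result for NULL, which is worth adding while this code is being touched.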
@@ -28902,7 +28902,7 @@ SSL_CTX *init_ssl(void)
SSL_library_init();
SSL_load_error_strings();
- meth = (SSL_METHOD *) SSLv23_method();
+ meth = (SSL_METHOD *) TLSv1_method();
ctx = SSL_CTX_new(meth);
if (getcfg("global", "SSL Passphrase", pwd, sizeof(pwd))) {
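Review bot: init_ssl() now carries the same hard-coded TLSv1_method() call as ssl_connect(), so the protocol policy lives in two places and the context returned here is likewise fixed at TLS 1.0. Suggest a single shared helper that creates the context, with a comment stating that SSLv2 and SSLv3 are excluded because of POODLE, so the next protocol change is made in one spot and the reason for the choice is recorded next to the code.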
|
67708
|
Wed Oct 22 19:55:53 2014 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Windows | 2.9 | Re: Network Questions |
Hal Proctor wrote: |
Our network team is doing some upgrades and would like the following questions answered if possible. 1: Is the application able to communicate with a Domain controller running Windows Server 2012 R2? And.... 2: Is the application able to function in a Windows 2008 R2 domain and forest functional level? Thanks for your help, Hal |
ELOG contains Kerberos authentication at a basic level. If I'm not mistaken, the Windows Domain controller is based on Kerberos. I do not have any 2008 or 2012 domain controller, so I cannot test, but it's worth giving it a try.
/Stefan |
67707
|
Wed Oct 22 19:52:58 2014 |
| Hal Proctor | hproctor2@gmail.com | Question | Windows | 2.9 | Network Questions |
Our network team is doing some upgrades and would like the following questions answered if possible.
1: Is the application able to communicate with a Domain controller running Windows Server 2012 R2?
And....
2: Is the application able to function in a Windows 2008 R2 domain and forest functional level?
Thanks for your help,
Hal |
67706
|
Mon Sep 22 14:39:10 2014 |
| Stefan Ritt | stefan.ritt@psi.ch | Info | All | V2.9.2-24 | Re: Sort by date prior to 2002 |
Andreas Luedeke wrote: |
Chris Jennings wrote: |
Chris Jennings wrote: |
I have an attribute formatted as a date (but not labeled as date) and is sorted as second priority. The sort works fine until I enter a date older than Jan 1st 2002. When I do this it is sorted as the latest. Is this a bug or simply not designed to use dates this old?
Thanks in advance,
Chris
|
Sorry, my mistake. The cutoff date is September 9th 2001; anything before that does not sort.
|
I think I remember that this has been discussed earlier: it is a little bug in elogd.
You can see where it comes from if you type in the little command 'date -d "9-Sep-2001 3:46:40" +%s'
Converted to "seconds of the epoch" (seconds since 1970-01-01 00:00:00 UTC) the date "9-Sep-2001 3:46:40" has one digit more than "9-Sep-2001 3:46:39".
Since elog makes a string comparison, suddenly 1'000'000'000 is less than 999'999'999; therefore the wrong sorting.
Workaround: you can modify your old entries and add a leading zero to all entries where your specific date field starts with a '9'.
Stefan: you should fix it at least well before 20-Nov-2286 18:46:40, when the same bug strikes again! 
|
Ok, well before 2286 approaches I fixed that bug and committed it to the GIT repository (master branch).
/Stefan |
67705
|
Wed Sep 17 17:45:18 2014 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Info | All | V2.9.2-24 | Re: Sort by date prior to 2002 |
Chris Jennings wrote: |
Chris Jennings wrote: |
I have an attribute formatted as a date (but not labeled as date) and is sorted as second priority. The sort works fine until I enter a date older than Jan 1st 2002. When I do this it is sorted as the latest. Is this a bug or simply not designed to use dates this old?
Thanks in advance,
Chris
|
Sorry, my mistake. The cutoff date is September 9th 2001; anything before that does not sort.
|
I think I remember that this has been discussed earlier: it is a little bug in elogd.
You can see where it comes from if you type in the little command 'date -d "9-Sep-2001 3:46:40" +%s'
Converted to "seconds of the epoch" (seconds since 1970-01-01 00:00:00 UTC) the date "9-Sep-2001 3:46:40" has one digit more than "9-Sep-2001 3:46:39".
Since elog makes a string comparison, suddenly 1'000'000'000 is less than 999'999'999; therefore the wrong sorting.
Workaround: you can modify your old entries and add a leading zero to all entries where your specific date field starts with a '9'.
Stefan: you should fix it at least well before 20-Nov-2286 18:46:40, when the same bug strikes again!  |
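The string-versus-number ordering described in the post above, as an added example that is not part of the thread and is not ELOG's code or the fix that was committed. The sample timestamps and all function names are constructed for illustration; `cmp_padded` generalizes the leading-zero workaround to a fixed ten-digit width.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: epoch seconds stored as text (not data from the thread). */
static const char *SAMPLE[] = { "1000000000", "999999999", "1411000000", "946684800" };
#define N_SAMPLE (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* Behaviour described in the thread: byte-wise comparison, so "1..." < "9...". */
static int cmp_text(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Compare by numeric value, independent of the number of digits. */
static int cmp_numeric(const void *a, const void *b)
{
    long long x = strtoll(*(const char *const *)a, NULL, 10);
    long long y = strtoll(*(const char *const *)b, NULL, 10);
    return (x > y) - (x < y);
}

/* Workaround: zero-pad to a fixed width, after which string order is correct. */
static int cmp_padded(const void *a, const void *b)
{
    char x[32], y[32];
    snprintf(x, sizeof x, "%010lld", strtoll(*(const char *const *)a, NULL, 10));
    snprintf(y, sizeof y, "%010lld", strtoll(*(const char *const *)b, NULL, 10));
    return strcmp(x, y);
}

/* Sort a copy of SAMPLE with cmp and return the position `value` ends up at. */
static int rank_of(const char *value, int (*cmp)(const void *, const void *))
{
    const char *copy[N_SAMPLE];
    memcpy(copy, SAMPLE, sizeof copy);
    qsort(copy, N_SAMPLE, sizeof copy[0], cmp);
    for (size_t i = 0; i < N_SAMPLE; i++)
        if (strcmp(copy[i], value) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    printf("rank of 999999999: text=%d numeric=%d padded=%d\n",
           rank_of("999999999", cmp_text), rank_of("999999999", cmp_numeric),
           rank_of("999999999", cmp_padded));
    return 0;
}
```

With the string comparator the nine-digit value lands last, which is the "sorted as the latest" symptom from the original report.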
67704
|
Tue Sep 16 18:05:41 2014 |
| Chris Jennings | cjennings@cosma.com | Bug report | Windows | V2.9.2-24 | Re: Sort by date prior to 2002 |
Chris Jennings wrote: |
I have an attribute formatted as a date (but not labeled as date) and is sorted as second priority. The sort works fine until I enter a date older than Jan 1st 2002. When I do this it is sorted as the latest. Is this a bug or simply not designed to use dates this old?
Thanks in advance,
Chris
|
Sorry, my mistake. The cutoff date is September 9th 2001; anything before that does not sort. |
67703
|
Tue Sep 16 17:59:27 2014 |
| Chris Jennings | cjennings@cosma.com | Bug report | Windows | V2.9.2-24 | Sort by date prior to 2002 |
I have an attribute formatted as a date (but not labeled as date) and is sorted as second priority. The sort works fine until I enter a date older than Jan 1st 2002. When I do this it is sorted as the latest. Is this a bug or simply not designed to use dates this old?
Thanks in advance,
Chris |
67702
|
Tue Sep 9 15:50:25 2014 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | latest | Re: default font style |
Sara Vanini wrote: |
Thanks! but I'm lost in the themes/default/default.css file.... which is the entry I have to edit for the style of the body text (Format "Normal") of the elog pages?
Sara
|
Just change the body { } entry in the CSS file. Here is a good tutorial: http://www.w3schools.com/css/css_syntax.asp |