Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 491 of 808  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Collapse | Expand  Show only new entries    6460 Entries 
Goto page Previous  1, 2, 3 ... 490, 491, 492 ... 806, 807, 808   Next  
icon4.gif   Mail are no longer sent from the logged in user in 2.9.0, posted by Olivier Callot on Wed Mar 23 10:01:01 2011 

We upgraded to Elog 2.9.0-2402 and since then mails sent by Elog when posting an item are from the default account, not from the logged in user's mail address.

The configuration is, for the mail part :

Default Email From = Olivier.Callot@cern.ch

Use Email Subject = ELOG Computing Operations - $Subject ($Site - $System - $Production number)

 

Thanks for telling me which flag/option I have to set to restore the proper mail 'From:' field.

icon5.gif   Why the password file can have several same username?, posted by Ma Qiumei on Wed Mar 30 10:46:58 2011 

 In the password file, I see several same username, such as:

<user>

    <name>test</name>

    <password encoding="SHA256">iXhH.</password>

    <full_name>test me</full_name>

    <last_logout>Tue Apr 14 14:12:44 2009</last_logout>

    <last_activity>Wed May 19 09:39:32 2010</last_activity>

    <email>maqm@ihep.ac.cn</email>

    <email_notify/>

  </user> 

 

 

<user>

    <name>test</name>

    <password encoding="SHA256">iXhH.</password>

    <full_name>test me</full_name>

   <last_logout>0</last_logout>

    <last_activity>0</last_activity>

      <inactive>0</inactive>

    <email>maqm@ihep.ac.cn</email>

    <email_notify/>

  </user> 

 

 

<user>

    <name>test</name>

    <password encoding="SHA256">iXhH.</password>

    <full_name>test me</full_name>

    <last_logout>0</last_logout>

    <last_activity>0</last_activity>

      <inactive>0</inactive>

    <email>maqm@ihep.ac.cn</email>

       <email_notify/>

  </user> 

 

I don't know the reason why eLog can have the same username.

And what should I do to prevent these things happen?

 

Thanks!

 

 

 

    icon2.gif   Re: Why the password file can have several same username?, posted by Stefan Ritt on Fri Apr 1 09:17:20 2011 

Ma Qiumei wrote:

I don't know the reason why eLog can have the same username.

And what should I do to prevent these things happen? 

Thanks for reporting that bug. It has been fixed in SVN revision 2404.  

    icon2.gif   Re: Mail are no longer sent from the logged in user in 2.9.0, posted by Stefan Ritt on Fri Apr 1 10:54:29 2011 

Olivier Callot wrote:

We upgraded to Elog 2.9.0-2402 and since then mails sent by Elog when posting an item are from the default account, not from the logged in user's mail address.

The configuration is, for the mail part :

Default Email From = Olivier.Callot@cern.ch

Use Email Subject = ELOG Computing Operations - $Subject ($Site - $System - $Production number)

 

Thanks for telling me which flag/option I have to set to restore the proper mail 'From:' field.

Thanks for reporting this bug. I have fixed it in SVN revision 2407. 

    icon2.gif   Re: Authentication error message, posted by Stefan Ritt on Fri Apr 1 16:13:44 2011 Capture019.png

soren poulsen wrote:

It is very good to have Kerberos authentication available. It is just the error message which is a bit cryptic.

If you enter your Kerberos password once, and later fail to authenticate with a wrong password, you get:

Kerberos error:
Decrypt integrity check failed.
Please check your Kerberos configuration

 

That is not really urgent!


Soren

 

Can you tell me how to reproduce this? If I do it here, I just get back to the login page:

Capture019.png

Maybe it has to do with your specific Kerberos implementation? What server are you using?

 

icon4.gif   Elog 2.9.0 buffer overflow crash bug ubuntu linux, posted by John Rouillard on Sun Apr 10 01:49:01 2011  
When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:

Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]

openvas reports that it was testing for CVE-2002-1212 when the crash occurred.

Startup info:

Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
Apr  9 19:35:54 unixland elogd[21584]: revision 2411

-- rouilj
    icon2.gif   Re: Authentication error message, posted by soren poulsen on Mon Apr 11 19:31:23 2011 

Stefan Ritt wrote:

soren poulsen wrote:

It is very good to have Kerberos authentication available. It is just the error message which is a bit cryptic.

If you enter your Kerberos password once, and later fail to authenticate with a wrong password, you get:

Kerberos error:
Decrypt integrity check failed.
Please check your Kerberos configuration

 

That is not really urgent!


Soren

 

Can you tell me how to reproduce this? If I do it here, I just get back to the login page:

Capture019.png

Maybe it has to do with your specific Kerberos implementation? What server are you using?

 

 I am sorry but I cannot reproduce this any more. It happened several times when I was testing different kinds of wrong user input to the authentication dialog but now there is no issue any longer. However, there has been other issues lately in this domain and it may be that the Kerberos installation has been patched by our automatic update installation.

Case closed! Thanks anyway for responding.

Soren

    icon2.gif   Re: Elog 2.9.0 buffer overflow crash bug ubuntu linux, posted by Stefan Ritt on Fri Apr 15 08:49:26 2011  
> When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:
> 
> Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
> #015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
> 2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]
> 
> openvas reports that it was testing for CVE-2002-1212 when the crash occurred.
> 
> Startup info:
> 
> Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
> Apr  9 19:35:54 unixland elogd[21584]: revision 2411
> 
> -- rouilj

I haven't tried openvas, but added a check for the negative content-length you have in the request
above in SVN revision 2413. Can you try if it still crashes?

- Stefan
Goto page Previous  1, 2, 3 ... 490, 491, 492 ... 806, 807, 808   Next  
ELOG V3.1.5-3fb85fa6