Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 515 of 808  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Collapse | Expand  Show only new entries    6460 Entries 
Goto page Previous  1, 2, 3 ... 514, 515, 516 ... 806, 807, 808   Next  
icon4.gif   Elog 2.9.0 buffer overflow crash bug ubuntu linux, posted by John Rouillard on Sun Apr 10 01:49:01 2011  
When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:

Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]

openvas reports that it was testing for CVE-2002-1212 when the crash occurred.

Startup info:

Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
Apr  9 19:35:54 unixland elogd[21584]: revision 2411

-- rouilj
    icon2.gif   Re: dependencies lib, posted by John P. Huber on Mon Aug 3 22:13:16 2015 

Can you provide simliar guidance for Scientific Linux release 6.6 (Carbon, 64 bit version) as I get the "failed dependencies" after installing

openssl-devel package and I tried linking /usr/lib64/libssl.so.1.0.1e as libssl.so.6 in both /lib and /usr/lib ? -jph

Stefan Ritt wrote:

If you Google for "libssl.so.6 is needed", you will find for example this site: http://ubuntuforums.org/showthread.php?t=2096126 , which tells you to install the libssl-dev package.

alireza wrote:

Hi,I'm new here :) and want to install elog on linux suse. could you please tell me, how can I find this following lib dependency.

linuxsuse#rpm -i elogi386.rpm
                 error: Failed dependencies:
                  libssl.so.6 is needed by elog-3.1.0-2.i386

Thanks in Advance

 

 

icon5.gif   Merge duplicate types, posted by John Mund on Fri May 6 16:19:10 2016 

Hello,

We have accumulated some duplicate 'types' in one of our logbooks.  Is it possible to merge them?

Thanks,

John

 

icon3.gif   my_shell (OS_UNIX) uses /tmp/elog_shell - conflict when more than one elogd runs at the same time, posted by John M O'Donnell on Fri May 20 22:45:00 2011 elogd.c.patch_shellPipe

all instances of elogd use the same file name in /tmp when calling my_shell.  This can cause some inconsistent behavior when two or more copies of elogd are runnnig at the same time.  (eg. one might detect ImageMagik is installed, and the other not,)

 

The propsed solution is to have the parent read from a pipe to the child rather from a file.  A patch is attached.

icon7.gif   Certificate Error, posted by John Lemko on Tue Dec 8 18:57:31 2009 Elog_Error.jpg

Is there any documentation I can go through that explains how to remove the Certificate Error I am getting as shown in the attachment.  I have tried creating my own certificate and putting it in the elog ssl folder but that just prevented the elog service from starting.  Any help would be greatly appreciated.  Thanks.

    icon2.gif   Re: Certificate Error, posted by John Lemko on Tue Dec 8 19:34:11 2009  
> 
> How did you create the certificate?
> Are you running eLog on a server with more than one host name (CNAME entries) and are you pointing to your eLog
> via one of that aliases?
> 
> Certificates that work with an Apache 1 Web server do work with eLog, too.
> 
> GS

The certificate that is on there right now is the one that gets created when you install elogs.  I have tried 
creating one with a windows server 2008 box with the CA role installed.  The certificate is created without issue 
and I can install it on the server but when I try to restart the elog service it wont start until I put the 
original server.crt and server.key file back into the ssl directory.  

I have DNS on the machine but only have one CNAME pointing to the elog server.

I don't know a lot about certificates so sorry if this doesn't help out much.
    icon2.gif   Re: Certificate Error, posted by John Lemko on Tue Dec 8 21:57:37 2009  
> > The certificate that is on there right now is the one that gets created when you install elogs.  I have tried 
> > creating one with a windows server 2008 box with the CA role installed.  The certificate is created without issue 
> > and I can install it on the server but when I try to restart the elog service it wont start until I put the 
> > original server.crt and server.key file back into the ssl directory.  
> 
> How did you install the certificate? Maybe it ended up in the IIS directory and not in the elog directory?

That is a good point.  I just installed the cert by double clicking on it.  Then selecting either trusted root CA or 
personal to install the certificate.  Is there a different way to install the certificate for elog?

Thanks alot for your help.
    icon2.gif   Re: Certificate Error, posted by John Lemko on Tue Dec 8 22:06:47 2009  
> > 
> > The certificate that is on there right now is the one that gets created when you install elogs.  I have tried 
> > creating one with a windows server 2008 box with the CA role installed.  The certificate is created without issue 
> > and I can install it on the server but when I try to restart the elog service it wont start until I put the 
> > original server.crt and server.key file back into the ssl directory.  
> > 
> 
> I don't know anything about Windows server CA, but eLog is very strict in the syntax of the CERTs.
> I had to learn it the hard way when installing a chain CERT.
> 
> For server.crt and server.key it MUST NOT be a chain cert. Therefor you have to use chain.crt
> 
> Are the generated CERTs ASCII (with only one -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in
> server.crt 
> and -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- in server.key)?
> 
> So the eLog generated keys should look like..
> 
> GS

Thanks for your reply.  I appreciate it alot.

When I created my certificate it came out as a .cer [there was no .key file] and looking at the code that was posted 
below it looks like unless there is a server.crt and server.key file in the ssl folder the program will exit:  So I 
guess I need to figure out how to generate a certificate that elog will understand using a .key file and a .crt file.  
So I might have to research certificates more.

To be honest I'm not an expert on SSL. I just use following code inside ELOG to initialize the SSL connection:

SSL_CTX *init_ssl(void)
{
   char str[256];
   SSL_METHOD *meth;
   SSL_CTX *ctx;

   SSL_library_init();
   SSL_load_error_strings();

   meth = SSLv23_method();
   ctx = SSL_CTX_new(meth);

   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/server.crt", sizeof(str));
   if (!file_exist(str)) {
      eprintf("Cerificate file \"%s\" not found, aborting\n", str);
      return NULL;
   }
   if (SSL_CTX_use_certificate_file(ctx, str, SSL_FILETYPE_PEM) < 0)
      return NULL;

   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/server.key", sizeof(str));
   if (!file_exist(str)) {
      eprintf("Key file \"%s\" not found, aborting\n", str);
      return NULL;
   }
   if (SSL_CTX_use_PrivateKey_file(ctx, str, SSL_FILETYPE_PEM) < 0)
      return NULL;
   if (SSL_CTX_check_private_key(ctx) < 0)
      return NULL;

   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/chain.crt", sizeof(str));
   if (file_exist(str))
      SSL_CTX_use_certificate_chain_file(ctx, str);

   return ctx;
}
Goto page Previous  1, 2, 3 ... 514, 515, 516 ... 806, 807, 808   Next  
ELOG V3.1.5-3fb85fa6