ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
68708 | Tue Dec 5 15:30:43 2017 | | Christian Herzog | herzog@phys.ethz.ch | Question | Linux | ELOG V3.1.2 | possible DOS vulnerability with negative Content-Length field |
Hi,
a routine scan revealed a possible DOS attack vector: sending an invalid POST HTTP request with a negative Content-Length field crashes our elog instance, leading to service unavailability.
thanks,
-Christian
--
Dr. Christian Herzog <herzog@phys.ethz.ch> support: +41 44 633 26 68
IT Services Group, HPT H 8 voice: +41 44 633 39 50
Department of Physics, ETH Zurich
8093 Zurich, Switzerland http://nic.phys.ethz.ch/
|
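The report above concerns a negative Content-Length value. As an added example (not ELOG's code and not part of the original post), here is a strict parser that a C HTTP server could use to reject such values before a length is used as a buffer or read size; the function name, the status codes and the 1 MiB limit are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cl_status { CL_OK = 0, CL_MALFORMED, CL_TOO_LARGE };

/* Strictly parse a Content-Length value: 1*DIGIT with optional surrounding
 * spaces/tabs. A sign is malformed, so a negative number can never be cast
 * to a huge size_t; overflow and an application limit are checked per digit. */
enum cl_status parse_content_length(const char *value, size_t max_body, size_t *out)
{
    const char *p = value;
    size_t n = 0;

    if (value == NULL || out == NULL)
        return CL_MALFORMED;
    while (*p == ' ' || *p == '\t')
        p++;
    if (!isdigit((unsigned char)*p))
        return CL_MALFORMED;            /* rejects "", "-1", "+5", "abc" */
    for (; isdigit((unsigned char)*p); p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (SIZE_MAX - d) / 10)
            return CL_TOO_LARGE;        /* n * 10 + d would overflow size_t */
        n = n * 10 + d;
        if (n > max_body)
            return CL_TOO_LARGE;        /* above the configured body limit */
    }
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p != '\0')
        return CL_MALFORMED;            /* trailing garbage such as "10, 20" */
    *out = n;
    return CL_OK;
}

int main(void)
{
    /* Constructed header values, not taken from any real capture. */
    const char *samples[] = { "1024", "-1", " 42 ", "10, 20", "99999999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        enum cl_status s = parse_content_length(samples[i], 1048576, &n);
        printf("\"%s\" -> status %d, length %zu\n", samples[i], (int)s, n);
    }
    return 0;
}
```

A server using a check like this would answer a malformed value with 400 and an oversized one with 413 instead of passing the number on to allocation or read calls.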
1591 | Fri Jan 13 02:37:10 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Comment | Linux | | Re: LDAP |
Stefan Ritt wrote: |
Carl Shirey wrote: | I know you want to make ELOG a stand alone program. But is there a way to still make a stand alone but have the option work with LDAP?
FYI
Elog works great, we use it for our shift carryover and we have about 25 people using it and I have heard no complaints with it.
Thanks |
I added your vote to the "PAM" authentication on the wishlist, since PAM contains an LDAP module. |
Please add my vote too. I think that would be great. |
1592 | Fri Jan 13 03:21:32 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Question | Linux | | Problem selecting ports |
I had problems getting elog to run on port 8080 (or many others). I have it installed on Redhat Enterprise Linux rel 4. The only way I was able to get it working was using port 80. I would like to run it on a different port if possible but I'm not sure what is wrong.
Any ideas? |
1593 | Fri Jan 13 13:16:25 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Question | Linux | | Automatic Copy to |
Is it possible to configure elog to copy a new entry from 1 logbook to another? |
1596 | Tue Jan 17 13:59:58 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Question | Linux | | Re: Problem selecting ports |
Never mind, this was an iptables issue.
Chris Warner wrote: | I had problems getting elog to run on port 8080 (or many others). I have it installed on Redhat Enterprise Linux rel 4. The only way I was able to get it working was using port 80. I would like to run it on a different port if possible but I'm not sure what is wrong.
Any ideas? |
|
1597 | Tue Jan 17 14:09:17 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Question | Linux | | Email based on not attribute value |
Is it possible to send an email if an attribute is not equal to a specific value?
For instance, I have a server logbook that several people are able to write to. There is one person that is ultimately responsible for this server. I would like to generate an email any time that someone other than the System Administrator creates a new entry.
Thanks,
Chris Warner |
1607 | Wed Jan 18 17:20:45 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Bug report | Linux | 2.6 | Buffer Overflow? |
Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
1615 | Fri Jan 20 02:53:40 2006 | | Chris Warner | christopher_warner@dcd.uscourts.gov | Comment | Linux | 2.6 | Re: Buffer Overflow? |
Stefan Ritt wrote: |
Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
Thanks for the quick response! |