Discussion forum about ELOG, Page 491 of 808
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
67032 | Wed Mar 23 10:01:01 2011 | Warning | Olivier Callot | Olivier.Callot@cern.ch | Bug report | Linux | 2.9.0 | Mail are no longer sent from the logged in user in 2.9.0

We upgraded to Elog 2.9.0-2402 and since then mails sent by Elog when posting an item are from the default account, not from the logged in user's mail address.

The configuration is, for the mail part :

Default Email From = Olivier.Callot@cern.ch

Use Email Subject = ELOG Computing Operations - $Subject ($Site - $System - $Production number)

 

Thanks for telling me which flag/option I have to set to restore the proper mail 'From:' field.

67035 | Wed Mar 30 10:46:58 2011 | Question | Ma Qiumei | maqm@ihep.ac.cn | Question | Linux | 2.9.0-2402 | Why the password file can have several same username?

In the password file, I see the same username several times, such as:

<user>
    <name>test</name>
    <password encoding="SHA256">iXhH.</password>
    <full_name>test me</full_name>
    <last_logout>Tue Apr 14 14:12:44 2009</last_logout>
    <last_activity>Wed May 19 09:39:32 2010</last_activity>
    <email>maqm@ihep.ac.cn</email>
    <email_notify/>
</user>

<user>
    <name>test</name>
    <password encoding="SHA256">iXhH.</password>
    <full_name>test me</full_name>
    <last_logout>0</last_logout>
    <last_activity>0</last_activity>
    <inactive>0</inactive>
    <email>maqm@ihep.ac.cn</email>
    <email_notify/>
</user>

<user>
    <name>test</name>
    <password encoding="SHA256">iXhH.</password>
    <full_name>test me</full_name>
    <last_logout>0</last_logout>
    <last_activity>0</last_activity>
    <inactive>0</inactive>
    <email>maqm@ihep.ac.cn</email>
    <email_notify/>
</user>

I don't know the reason why eLog can have the same username.

And what should I do to prevent these things from happening?

Thanks!

67037 | Fri Apr 1 09:17:20 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.9.0-2402 | Re: Why the password file can have several same username?

Ma Qiumei wrote:

> I don't know the reason why eLog can have the same username.
>
> And what should I do to prevent these things from happening?

Thanks for reporting that bug. It has been fixed in SVN revision 2404.

67039 | Fri Apr 1 10:54:29 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.9.0 | Re: Mail are no longer sent from the logged in user in 2.9.0

Olivier Callot wrote:

> We upgraded to Elog 2.9.0-2402 and since then mails sent by Elog when posting an item are from the default account, not from the logged in user's mail address.
>
> The configuration is, for the mail part :
>
> Default Email From = Olivier.Callot@cern.ch
>
> Use Email Subject = ELOG Computing Operations - $Subject ($Site - $System - $Production number)
>
> Thanks for telling me which flag/option I have to set to restore the proper mail 'From:' field.

Thanks for reporting this bug. I have fixed it in SVN revision 2407.

67041 | Fri Apr 1 16:13:44 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Comment | Linux | 2.9.0-2402 | Re: Authentication error message

soren poulsen wrote:

> It is very good to have Kerberos authentication available. It is just the error message which is a bit cryptic.
>
> If you enter your Kerberos password once, and later fail to authenticate with a wrong password, you get:
>
> Kerberos error:
> Decrypt integrity check failed.
> Please check your Kerberos configuration
>
> That is not really urgent!
>
> Soren

Can you tell me how to reproduce this? If I do it here, I just get back to the login page:

Capture019.png

Maybe it has to do with your specific Kerberos implementation? What server are you using?

 

67044 | Sun Apr 10 01:49:01 2011 | Warning | John Rouillard | rouilj+elog@cs.umb.edu | Bug report | Linux | 2.9.0 | Elog 2.9.0 buffer overflow crash bug ubuntu linux

When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:

Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
#015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]

openvas reports that it was testing for CVE-2002-1212 when the crash occurred.

Startup info:

Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
Apr  9 19:35:54 unixland elogd[21584]: revision 2411

-- rouilj

67046 | Mon Apr 11 19:31:23 2011 | Reply | soren poulsen | soren.poulsen@cern.ch | Comment | Linux | 2.9.0-2402 | Re: Authentication error message

Stefan Ritt wrote:

> soren poulsen wrote:
>
> > It is very good to have Kerberos authentication available. It is just the error message which is a bit cryptic.
> >
> > If you enter your Kerberos password once, and later fail to authenticate with a wrong password, you get:
> >
> > Kerberos error:
> > Decrypt integrity check failed.
> > Please check your Kerberos configuration
> >
> > That is not really urgent!
> >
> > Soren
>
> Can you tell me how to reproduce this? If I do it here, I just get back to the login page:
>
> Capture019.png
>
> Maybe it has to do with your specific Kerberos implementation? What server are you using?

I am sorry but I cannot reproduce this any more. It happened several times when I was testing different kinds of wrong user input to the authentication dialog but now there is no issue any longer. However, there have been other issues lately in this domain and it may be that the Kerberos installation has been patched by our automatic update installation.

Case closed! Thanks anyway for responding.

Soren

67049 | Fri Apr 15 08:49:26 2011 | Reply | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.9.0 | Re: Elog 2.9.0 buffer overflow crash bug ubuntu linux

> When running openvas (a nessus fork) against elog 2.9.0 I provoked the following crash:
> 
> Apr  9 17:32:06 unixland elogd[1300]: POST / HTTP/1.0#015#012Host: unixland.home
> #015#012Content-Length: -800#015#012#015#012XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
> Apr  9 17:32:06 unixland kernel: [664894.491242] elogd[1300]: segfault at b7713d
> 2e ip 080b6956 sp bf8d5ea0 error 4 in elogd[8048000+96000]
> 
> openvas reports that it was testing for CVE-2002-1212 when the crash occurred.
> 
> Startup info:
> 
> Apr  9 19:35:54 unixland elogd[21584]: elogd 2.9.0 built Apr  9 2011, 17:49:08 
> Apr  9 19:35:54 unixland elogd[21584]: revision 2411
> 
> -- rouilj

I haven't tried openvas, but added a check for the negative content-length you have in the request
above in SVN revision 2413. Can you try if it still crashes?

- Stefan
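
The kind of check described in the reply above (rejecting a negative Content-Length before it is ever used as a size), as an added example that is not elogd's code and not part of the original post. The function name `parse_content_length` and the `MAX_BODY` limit are hypothetical, and the sample request is constructed from the logged one with the padding shortened.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_BODY (10L * 1024 * 1024) /* assumed upper bound, not an elogd setting */

/* Returns the declared body length (>= 0), -1 if the header block has no
   Content-Length, or -2 if the value is malformed, negative or too large. */
long parse_content_length(const char *headers)
{
    const char *name = "Content-Length:";
    const char *p = headers;
    while (p && *p) {
        if (*p == '\r' || *p == '\n')        /* blank line: headers end, body starts */
            break;
        if (strncasecmp(p, name, strlen(name)) == 0) {
            char *end;
            long n;
            p += strlen(name);
            while (*p == ' ' || *p == '\t') p++;
            if (!isdigit((unsigned char)*p)) /* rejects "-800", "+5" and "" */
                return -2;
            errno = 0;
            n = strtol(p, &end, 10);
            if (errno == ERANGE || n > MAX_BODY)
                return -2;                   /* overflow or unreasonably large */
            while (*end == ' ' || *end == '\t') end++;
            if (*end != '\r' && *end != '\n' && *end != '\0')
                return -2;                   /* trailing junk such as "12abc" */
            return n;
        }
        p = strchr(p, '\n');                 /* advance to the next header line */
        if (p) p++;
    }
    return -1;
}

int main(void)
{
    /* Constructed request modelled on the syslog entry in the report. */
    const char *req = "POST / HTTP/1.0\r\nHost: unixland.home\r\n"
                      "Content-Length: -800\r\n\r\nXXXX";
    printf("%ld\n", parse_content_length(req));
    return 0;
}
```

A caller would answer any negative return on a POST with a 400-class error and only size its read from a value that passed these checks.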