WebADM segmentation fault when attempting to register/unregister OTP

[Steve Sargent]

Running WebADM v2.0.20, everytime I attempt to open any of the options under the "MFA Authentication Server (v1.5.3)" section for the user the WebADM service seg faults.

Error message in webadm.log file. 

[2021-06-15 13:21:02] [10.82.168.212:58029] [DEBUG:12695] Starting Admin process

[2021-06-15 13:21:02] [10.82.168.212:58029] [DEBUG:12695:watchd_frm.php:debug_log] Watchd LDAP server: LDAP Server

[2021-06-15 13:21:02] [10.82.168.212:58029] [DEBUG:12695:ldap_frm.php:debug_log] LDAP read: (objectclass=*) (CN=Open OTP,CN=Users,DC=tornado,DC=cisco,DC=com)

[2021-06-15 13:21:02] [10.82.168.212:53110] [DEBUG:12702] Starting Admin process

[2021-06-15 13:21:02] [10.82.168.212:53110] [DEBUG:12702:watchd_frm.php:debug_log] Watchd LDAP server: LDAP Server

[2021-06-15 13:21:02] [10.82.168.212:53110] [DEBUG:12702:ldap_frm.php:debug_log] LDAP read: (objectclass=*) (CN=Open OTP,CN=Users,DC=tornado,DC=cisco,DC=com)

[2021-06-15 13:21:02] AH00052: child pid 12695 exit signal Segmentation fault (11)

[2021-06-15 13:21:02] AH00052: child pid 12702 exit signal Segmentation fault (11)

[2021-06-15 13:21:03] [10.82.168.212:56787] [DEBUG:18938] Starting Admin process

[2021-06-15 13:21:03] [10.82.168.212:56787] [DEBUG:18938:watchd_frm.php:debug_log] Watchd LDAP server: LDAP Server

[2021-06-15 13:21:03] [10.82.168.212:56787] [DEBUG:18938:ldap_frm.php:debug_log] LDAP read: (objectclass=*) (CN=Open OTP,CN=Users,DC=tornado,DC=cisco,DC=com)

[2021-06-15 13:21:04] AH00052: child pid 18938 exit signal Segmentation fault (11)

Any ideas?

[Benoît Jager]

Hello,

If possible, could you activate coredump so you can get more information on the segmentation fault? What is your OS?

Best regards

[Steve Sargent]

Hello, 

I am running CentOS Linux 7.9.2009

Kernel 3.10.0-1160.31.1.el7.x86_64

Please let me know if you are able to access this location.  Three dump files were created when attempting to access the MFA options for the user.

https://cisco.box.com/s/vib0pr8ut5czq1u8w39v998tkanp13an

Thanks,

Steve S.

[Yoann Traut (RCDevs)]

Hello Steve,

Thank you for the core dump. 

Which DB and version are you using with WebADM ? 

Does the DB is running locally ? 

Which ODBC driver are you using ? (this can be found in /opt/webadm/conf/servers.xml  > SQL Section > Type): 

I also had a similar issue last week but it was a problem of corrupted packages downloaded through our repository. 

If you are using our repository, please clean the downloaded package and try to re-download the packages from the repository. It fixed the problem on my side.

Regards 

[Steve Sargent]

Hi,

Everything is local to this setup. 

Is this the information you are looking for?  

<SqlServer name="SQL Server"
        type="MySQL"
        host="localhost"
        user="webadm"
        password="webadm"
        database="webadm"
        encryption="NONE" />

<!--

I am using the RCDEV repository and cleaned and reinstalled the webadm package and still see the same issue.  Not sure if I did this process correctly.

This is the process I did.

1. yum clean packages

2. yum clean all

3. yum reinstall webadm

Thanks,

Steve S.

--
You received this message because you are subscribed to the Google Groups "RCDevs Security Solutions - Technical" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rcdevs-technic...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/e1d6e873-2595-4869-b6bf-aa9b1e9e5bb0n%40googlegroups.com.

[Yoann Traut (RCDevs)]

Hello Steve, 

I need the output of the following command : 

mysql -v 

And do again the following : 

yum clean packages

yum clean all 

yum reinstall webadm openotp

Regards 

[Yoann Traut (RCDevs)]

Can you also provide the output of the following command : 

md5sum /opt/webadm/lib/htdocs/frameworks/*.php

Regards 

[Steve Sargent]

-bash-4.2# mysql -v
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 52299
Server version: 5.5.68-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Reading history-file /root/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/73f1ed50-3819-48fd-a294-dbd6b22bff68n%40googlegroups.com.

[Yoann Traut (RCDevs)]

Ok, adapt your SQL section in servers.xml file to use MariaDB driver :  

<SqlServer name="SQL Server"
        type="MariaDB"

        host="localhost"
        user="webadm"
        password="webadm"
        database="webadm"
        encryption="NONE" />

[Steve Sargent]

-bash-4.2# md5sum /opt/webadm/lib/htdocs/frameworks/*.php
74da62ea65860f31dbb2e2ef2d73316e  /opt/webadm/lib/htdocs/frameworks/app_frm.php
0fbc3a7aa5348c08163e0fa5007ae952  /opt/webadm/lib/htdocs/frameworks/compat_frm.php
c4d0271ff07591f04f14f43bdbe31b38  /opt/webadm/lib/htdocs/frameworks/config_frm.php
93bd0f0104f53f94bbe5d7937a036294  /opt/webadm/lib/htdocs/frameworks/control_frm.php
cf4a0300ab6969c0c0f382eeb945944a  /opt/webadm/lib/htdocs/frameworks/core_frm.php
ae612565c20e6efa161ebb8d9ec42079  /opt/webadm/lib/htdocs/frameworks/crypt_frm.php
72d05b142720c6755cdb15758bd423cf  /opt/webadm/lib/htdocs/frameworks/device_frm.php
a3e4a6a40fa8967cd19cae12a58000ba  /opt/webadm/lib/htdocs/frameworks/domain_frm.php
6060181169706db477faddda680881e0  /opt/webadm/lib/htdocs/frameworks/hsm_frm.php
39f7d712afe38477e8d074bfc47f95c9  /opt/webadm/lib/htdocs/frameworks/ldap_frm.php
e48957cf462df8efafbbc665cdcaaa26  /opt/webadm/lib/htdocs/frameworks/ldapmp_frm.php
1afa7341e762096c2cfc8b1990bf83d1  /opt/webadm/lib/htdocs/frameworks/ldif_frm.php
e393a6cbf3b99a4ff9a6c8961c46bf78  /opt/webadm/lib/htdocs/frameworks/license_frm.php
64bf63cdb659a320717f49f71a130600  /opt/webadm/lib/htdocs/frameworks/manag_exp.php
7fe5ee427fb310458507fb645b61004c  /opt/webadm/lib/htdocs/frameworks/manag_frm.php
23c7769dc87e05e384ae694e3243a344  /opt/webadm/lib/htdocs/frameworks/msg_frm.php
95e35f6ae738af5cfd5227375a77a62c  /opt/webadm/lib/htdocs/frameworks/pdf_frm.php
33a40ab2bba47595f07bc58b5013b4a2  /opt/webadm/lib/htdocs/frameworks/pki_frm.php
1352a1460df29fe743f496f3dbfb68dc  /opt/webadm/lib/htdocs/frameworks/policy_frm.php
2a799e546b3ca328dc991a3b5f5d3402  /opt/webadm/lib/htdocs/frameworks/proxy_frm.php
3b6018e976bfafdd6778bfc75b9a5389  /opt/webadm/lib/htdocs/frameworks/qrcode_frm.php
a60b7ab8367633e3eb99b2e03eac0bbe  /opt/webadm/lib/htdocs/frameworks/render_frm.php
8d43782f333c21d404e870715bcdf2f8  /opt/webadm/lib/htdocs/frameworks/setup_database.php
487ef6304165ba8f302dd480ab92292b  /opt/webadm/lib/htdocs/frameworks/setup_frm.php
43e30a5f7afcac1503c94be6d6c148d1  /opt/webadm/lib/htdocs/frameworks/shm_frm.php
bb3ff4d876609796920489cd1434a883  /opt/webadm/lib/htdocs/frameworks/sm_frm.php
423353f35c673ae50c532f534b849277  /opt/webadm/lib/htdocs/frameworks/sql_frm.php
50648d4ec3c3b8ddb2be48c7b180fdbc  /opt/webadm/lib/htdocs/frameworks/support_frm.php
d7ce4a27c860bc2dce89218d587febdd  /opt/webadm/lib/htdocs/frameworks/ui_frm.php
04db4f8772d05d9a40fddd37adf34785  /opt/webadm/lib/htdocs/frameworks/voice_frm.php
9efd9271eb05514ee7adae68b15c7832  /opt/webadm/lib/htdocs/frameworks/watchd_frm.php
26c461791f3b78abf8e003ad627000d2  /opt/webadm/lib/htdocs/frameworks/webapp_exp.php
b96db307f11cd1d6843705248538bcb5  /opt/webadm/lib/htdocs/frameworks/webapp_frm.php
b272a9c01e5a541276f5274133746bf4  /opt/webadm/lib/htdocs/frameworks/websrv_exp.php
f02ee7777c408968ba73d86c830e7205  /opt/webadm/lib/htdocs/frameworks/websrv_frm.php
b294f44aa5cb5882288d853a7283cb27  /opt/webadm/lib/htdocs/frameworks/xmlconv_frm.php
1d109f61f78ba87050991cc6799b6633  /opt/webadm/lib/htdocs/frameworks/xmlspec_frm.php

You received this message because you are subscribed to a topic in the Google Groups "RCDevs Security Solutions - Technical" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rcdevs-technical/zUW6bsWm2tc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rcdevs-technic...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/6bc25c79-8bfd-4b8a-9d0a-34c5487c742cn%40googlegroups.com.

[Steve Sargent]

New settings.  Restarted Webadm service after.  Still have the same results.

<SqlServer name="SQL Server"
        type="MariaDB"
        host="localhost"
        user="webadm"
        password="webadm"
        database="webadm"
        encryption="NONE" />

<!--

To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/28339bd6-b5dd-42c1-9082-d567c01f7b81n%40googlegroups.com.

[Yoann Traut (RCDevs)]

Hello, 

I just installed the last webadm/openotp versions on the same OS/Kernel than you and I am not able to reproduce the issue.

We will provide you a  new build today. If you can install it and let us know if it solved your issue ?

Regards

[Yoann Traut (RCDevs)]

Hello, 

We just need more information from your infra in order to try to identify  the root cause : 

- Does your WebADM is running on an Hypervisor ? If yes, then which one (ESX, Proxmox...) and what is the virtual HDD format on the ESX ? Does the disks are mounted on the OS through symbolic links ? Is it a network HDD ? 

- Are you using an internal repository like 'Satellite' to sync our packages from our repositories to install packages afterward? 

- When you have that segmentation fault, does OpenOTP still serves the authentication requests ? 

- Are you able to access web application like selfdesk or any other and register a token through that app for e.g ? 

Regards

[Steve Sargent]

Hi,

This install was migrated from one ESXi server to a new setup.  This is a test environment that is only used for testing purposes so it is NOT business critical.

Here are the details of the ESXi install

• 
  Hypervisor:VMware ESXi, 6.7.0, 17700523
  
• Model:UCSC-C220-M5SX
  
• Processor Type:Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz
  
• Logical Processors:72
  
• NICs:8
  
• Virtual Machines:20
  
• State:Connected
  
• Uptime:17 days
  

Repository used

-bash-4.2# repoquery -i webadm

Name        : webadm
Version     : 2.0.20
Release     : 1
Architecture: x86_64
Size        : 328023400
Packager    : RCDevs packagers <in...@rcdevs.com>
Group       : Applications/Internet
URL         : http://www.rcdevs.com/
Repository  : rcdevs
Summary     : WebADM Server
Source      : webadm-2.0.20-1.src.rpm
Description :
RCDevs WebADM Server for Linux
Copyright (c) 2010-2021 RCDevs Security SA, All rights reserved
Please report software installation issues to bu...@rcdevs.com

HDD is on a LUN

Name

n73c01nas016-lun0

Type

VMFS 5.61

Maximum file size

62.94 TB

Maximum virtual disk size

62 TB

Block size

1 MB

Drive type

Flash

I am not able to provision users because I cannot access the MFA page.  I have never setup the self registration functionality, not sure how to do that.  I try to access the URL and 

This page isn’t working

esc-openotp.cisco.com didn’t send any data.

ERR_EMPTY_RESPONSE

Thanks,

Steve S.

To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/bff3a212-74c8-4c6f-9a38-80b60297caa0n%40googlegroups.com.

[Yoann Traut (RCDevs)]

Thank you. 

Could you provide the following output please ? 

 cat /proc/cpuinfo 

Regards 

[Steve Sargent]

-bash-4.2# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 45
model name      : Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz
stepping        : 2
microcode       : 0x2006a08
cpu MHz         : 2294.609
cache size      : 25344 KB
physical id     : 0
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov                                                                                                              pat pse36 clflush mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_pe                                                                                                             rfmon nopl tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 cx16 sse4_1 sse                                                                                                             4_2 popcnt aes xsave avx hypervisor lahf_lm arat
bogomips        : 4589.21
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 45
model name      : Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz
stepping        : 2
microcode       : 0x2006a08
cpu MHz         : 2294.609
cache size      : 25344 KB
physical id     : 2
siblings        : 1
core id         : 0
cpu cores       : 1
apicid          : 2
initial apicid  : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov                                                                                                              pat pse36 clflush mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_pe                                                                                                             rfmon nopl tsc_reliable nonstop_tsc eagerfpu pni pclmulqdq ssse3 cx16 sse4_1 sse                                                                                                             4_2 popcnt aes xsave avx hypervisor lahf_lm arat
bogomips        : 4589.21
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

-bash-4.2#

To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/f42db395-6e22-4f6d-9a66-df258465d768n%40googlegroups.com.

[Yoann Traut (RCDevs)]

Thank you. 

We are investigating and coming back to you ASAP. 

Regards

[Steve Sargent]

Just as an update.  I was able to load the original VMWare snapshot back to WebADM version 1.7.10. and this has restored full functionality.  I attempted to upgrade again by just running the yum update commands to move to version 2.2 and the issue is reproducible.  Not sure if that helps.

[thomas.bra...@googlemail.com]

Hello Steve,

is the issue still open ?

Regards

[Steve Sargent]

Hi, yes this issue is still open.  I have rolled back the VM I was using to a previous snapshot, but tried the upgrade again and hit the same issue.  I am stuck at the older version of the installation. 

You received this message because you are subscribed to a topic in the Google Groups "RCDevs Security Solutions - Technical" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rcdevs-technical/zUW6bsWm2tc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rcdevs-technic...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/0098584b-fec7-4beb-bdb9-8505463c6eafn%40googlegroups.com.

[Steve Sargent]

Hi All,

Any ideas on next steps for this issue?  If needed you can look at the box directly over a remote session.

Thanks,

Steve S.

[Yoann Traut (RCDevs)]

Hello, 

Can you try with WebADM 2.0.23 and OpenOTP 2.0.0-2  and let us know if your issue still persist ?

Regards