"login.tcl" generated in a CP core dump


#1

Hi,


One our customers reported that their R77.30 device has Operating System coredumps related to "login.tcl" but I failed to find on the Internet similar reports about coredumps.


The file is located at /web/cgi-bin2/login.tcl and is related to web access to the device.


CP SK101967 refers to "Forbidden. You don't have permission to access /cgi-bin/login.tcl on this server" error when connecting to Gaia Portal but there is no mention about other side effects.


Have you encountered similar issues?


#2

Hi Shouky, how does the customer know that the dump is related to login.tcl ? As it is not a process as such, I am curious which process actually coredumped ?


#3

Any idea on how often this customer has admins logging in to the GAiA portal and CLISH at the same time having to invoke the lock database override command? Perhaps there is an exceeded amount of unlocks that confuses the database. It would be interesting to look at the checkpoint SmartView Tracker Management audit logs (or similar) to see where the db is being unlocked and by who. It would give us a clue.


#4

Have you opened a ticket with the Check Point TAC on this?