Univention Bugzilla – Bug 42405
escape DN's in ucsschool.lib.schoolldap
Last modified: 2021-11-29 17:20:06 CET
Created attachment 8012 [details] patch There are some DN's which are configurable via UCR variables. They currently can break UCS@school or allow LDAP DN injections as they are not escaped. Attached patch fixes this.
This issue has been filed against UCS@school 4.1. UCS@school 4.1 is out of maintenance and many UCS@school components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS@school versions, please reopen it and update the UCS@school version. In this case please provide detailed information on how this issue is affecting you.
Still unfixed.
Fixed in: ucs-school-lib (13.0.4) 931452b9b849 | Bug #42405: escape DNs in ucsschool.lib.schoolldap
ucs-school-lib (13.0.4) a84d8b690100 | Bug #42405: [ucs-school-lib] escape LDAP DN's and filters ucs-school-import (18.0.1) 39b5c5574e0c | Bug #42405: [ucs-school-import] escape LDAP DN's and filters
QA: ucs-school-lib: LDAP DN's and filters are escaped OK ucs-school-import: LDAP DN's and filters are escapd OK
UCS@school 5.0 v1 has been released. https://docs.software-univention.de/release-notes-ucsschool-5.0v1-de.html If this error occurs again, please clone this bug.