Bug 49445 - sql injection in remove_s4_rejected.py
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-0-errata
Assigned To: Florian Best
QA Contact: Felix Botner
Depends on:
Blocks: 49640 49865
Reported: 2019-05-10 11:50 CEST by Florian Best
Modified: 2019-07-17 13:57 CEST (History)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
Flags: best: Patch_Available+


Attachments
patch (1.89 KB, patch)
2019-05-10 11:50 CEST, Florian Best
Details | Diff

Description Florian Best univentionstaff 2019-05-10 11:50:51 CEST
Created attachment 10020
patch

root@master100:/usr/share/univention-s4-connector# ./remove_s4_rejected.py 'OU=ôscŵ\?ê\3Dô\<4,OU=öGF!*'"'"')%%ẑ,DC=school,DC=dev'
Traceback (most recent call last):
  File "./remove_s4_rejected.py", line 66, in <module>
    remove_s4_rejected(s4_dn)
  File "./remove_s4_rejected.py", line 46, in remove_s4_rejected
    c.execute("SELECT key FROM 'S4 rejected' WHERE value='%s'" % s4_dn)
sqlite3.OperationalError: near ")": syntax error
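The traceback shows the query being assembled with Python `%` formatting, so the single quote inside the DN terminates the SQL string literal and whatever follows is parsed as SQL. The syntax error is only the visible symptom: a value whose quote is followed by well-formed SQL changes which rows the statement returns instead of failing. The following is an added example, not code from the UCS S4 connector or from the attached patch. It uses an in-memory SQLite database whose table and column names follow the query in the traceback (the schema itself and the sample rows are assumptions for this example), feeds in the DN from the report's command line and a second crafted value, and runs each through the formatted query and through a parametrized one.

```python
import sqlite3

# Sample data, constructed for this example (not from a real UCS system).
# ODD_DN is the DN from the bug report's command line, after the shell has
# resolved the quoting; note the embedded single quote after "*".
ODD_DN = "OU=ôscŵ\\?ê\\3Dô\\<4,OU=öGF!*')%%ẑ,DC=school,DC=dev"
INJECTED = "x' OR '1'='1"  # constructed value that is valid SQL once unquoted
SAMPLE_ROWS = [
    ("cn=user1,dc=example,dc=com", ODD_DN),
    ("cn=user2,dc=example,dc=com", "OU=Users,DC=school,DC=dev"),
]


def make_db():
    """In-memory stand-in for the connector's rejected-objects database.

    Table and column names follow the query in the traceback; the two-column
    schema (key -> value) is an assumption made for this example.
    """
    con = sqlite3.connect(":memory:")
    con.execute('CREATE TABLE "S4 rejected" ("key" TEXT, value TEXT)')
    con.executemany('INSERT INTO "S4 rejected" VALUES (?, ?)', SAMPLE_ROWS)
    return con


def lookup_vulnerable(con, s4_dn):
    """The pattern from the traceback: the DN is pasted into the SQL text."""
    c = con.cursor()
    c.execute("SELECT key FROM 'S4 rejected' WHERE value='%s'" % s4_dn)
    return [row[0] for row in c.fetchall()]


def lookup_fixed(con, s4_dn):
    """Parametrized query: sqlite3 binds the DN as a value, never as SQL."""
    c = con.cursor()
    c.execute('SELECT "key" FROM "S4 rejected" WHERE value = ?', (s4_dn,))
    return [row[0] for row in c.fetchall()]


def demo():
    """Run both variants against both inputs and collect the outcomes."""
    con = make_db()
    results = {}
    try:
        lookup_vulnerable(con, ODD_DN)
        results["vulnerable_odd_dn"] = "no error"
    except sqlite3.OperationalError as exc:
        # The quote in the DN closes the literal; ")" is then a syntax error,
        # exactly as in the traceback.
        results["vulnerable_odd_dn"] = "OperationalError: %s" % exc
    # Same bug, different payload: the WHERE clause becomes
    #   value='x' OR '1'='1'   and every row is returned.
    results["vulnerable_injected"] = lookup_vulnerable(con, INJECTED)
    # With binding, the odd DN is matched literally and the payload matches nothing.
    results["fixed_odd_dn"] = lookup_fixed(con, ODD_DN)
    results["fixed_injected"] = lookup_fixed(con, INJECTED)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-22s %s" % (name, outcome))
```

The commit referenced below names both `remove_ucs_rejected.py` and `remove_s4_rejected.py`, so the same pattern existed in the UCS-side helper; the fix in both cases is the parametrized form shown in `lookup_fixed`, which also removes the need to escape DN characters such as `\`, `%` or `'` by hand.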
Comment 1 Florian Best univentionstaff 2019-06-13 13:18:16 CEST
univention-s4-connector.yaml
ce2aeeadeb46 | Bug #49445: fix sql evaluation in remove_{ucs,s4}_rejected.py

univention-s4-connector (13.0.2-16)
ce2aeeadeb46 | Bug #49445: fix sql evaluation in remove_{ucs,s4}_rejected.py
Comment 2 Felix Botner univentionstaff 2019-06-13 14:14:25 CEST
OK
Comment 3 Arvid Requate univentionstaff 2019-06-19 15:52:42 CEST
<http://errata.software-univention.de/ucs/4.4/155.html>