Univention Bugzilla – Bug 49640
sql injection in remove_ad_rejected.py
Last modified: 2019-07-31 13:58:40 CEST
The same applies to the AD-Connector scripts.

+++ This bug was initially created as a clone of Bug #49445 +++

root@master100:/usr/share/univention-s4-connector# ./remove_s4_rejected.py 'OU=ôscŵ\?ê\3Dô\<4,OU=öGF!*'"'"')%%ẑ,DC=school,DC=dev'
Traceback (most recent call last):
  File "./remove_s4_rejected.py", line 66, in <module>
    remove_s4_rejected(s4_dn)
  File "./remove_s4_rejected.py", line 46, in remove_s4_rejected
    c.execute("SELECT key FROM 'S4 rejected' WHERE value='%s'" % s4_dn)
sqlite3.OperationalError: near ")": syntax error
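The failure in the traceback above next to a parameter-bound version of the same lookup, as an added example that is neither the connector's code nor the content of the fix commit. The in-memory table, its column types, the sample keys and the function names are assumptions.

```python
import sqlite3

# DN from the report above (after shell unquoting); it contains a single quote.
S4_DN = r"OU=ôscŵ\?ê\3Dô\<4,OU=öGF!*')%%ẑ,DC=school,DC=dev"
PLAIN_DN = "CN=plain,DC=school,DC=dev"  # constructed sample without a quote


def make_db():
    """Constructed in-memory stand-in for the connector's reject table."""
    db = sqlite3.connect(":memory:")
    # Column layout is an assumption; only 'key' and 'value' appear in the report.
    db.execute('CREATE TABLE "S4 rejected" (key TEXT, value TEXT)')
    db.execute('INSERT INTO "S4 rejected" VALUES (?, ?)', ("1234", S4_DN))
    db.execute('INSERT INTO "S4 rejected" VALUES (?, ?)', ("5678", PLAIN_DN))
    db.commit()
    return db


def lookup_formatted(db, s4_dn):
    """Query built as in the traceback: the DN becomes part of the SQL text."""
    c = db.cursor()
    c.execute("SELECT key FROM 'S4 rejected' WHERE value='%s'" % s4_dn)
    return [row[0] for row in c.fetchall()]


def lookup_bound(db, s4_dn):
    """Same lookup with the DN passed as a bound parameter (data, never SQL)."""
    c = db.cursor()
    c.execute('SELECT key FROM "S4 rejected" WHERE value=?', (s4_dn,))
    return [row[0] for row in c.fetchall()]


def formatted_error(db, s4_dn):
    """Return the sqlite3 error text the formatted query raises, or None."""
    try:
        lookup_formatted(db, s4_dn)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = make_db()
    print("formatted:", formatted_error(db, S4_DN))
    print("bound:    ", lookup_bound(db, S4_DN))
```

The formatted query only works for DNs without a single quote, which is why the script appeared fine until a DN like the one in the report was passed.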
12364a645f Bug #49640: yaml
90e35808e2 Bug #49640: fix sql evaluation in remove_{ucs,ad}_rejected.py

Successful build
Package: univention-ad-connector
Version: 13.0.0-10A~4.4.0.201907251417
Branch: ucs_4.4-0
Scope: errata4.4-1
User: jbremer
OK: Scripts
OK: YAML
<http://errata.software-univention.de/ucs/4.4/199.html>