Univention Bugzilla – Full Text Bug Listing

| Summary: | UMC server crashes on malicious upload request | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Dirk Wiesenthal <wiesenthal> |
| Component: | UMC (Generic) | Assignee: | Florian Best <best> |
| Status: | CLOSED FIXED | QA Contact: | Dirk Wiesenthal <wiesenthal> |
| Severity: | major | | |
| Priority: | P5 | CC: | best |
| Version: | UCS 4.1 | | |
| Target Milestone: | UCS 4.1-2-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | 7: Crash: Bug causes crash or data loss |
| Who will be affected by this bug?: | 5: Will affect all installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | Security |
| Max CVSS v3 score: | | | |
Description
Dirk Wiesenthal
2016-05-27 11:59:34 CEST
This is not nice! You don't need to be authenticated to do this. And the UMC-Server port is opened everywhere.

umc-client -s example.com -n UPLOAD foo -F /dev/null

univention-management-console.yaml:
r70660 | YAML Bug #41370

univention-management-console (8.0.28-16):
r70659 | Bug #41370: fix crashing of server on malicious request data
r70658 | Bug #41370: fix crashing of server on malicious request data

Code: OK
YAML: OK