Univention Bugzilla – Full Text Bug Listing

| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | univentionLDAPSchemaFilename=/../../../../../etc/shadow,cn=ldapschema,cn=univention | | |
| Product: | UCS | Reporter: | Florian Best <best> |
| Component: | univention-lib | Assignee: | Florian Best <best> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | normal | | |
| Priority: | P5 | CC: | hahn, requate |
| Version: | UCS 4.4 | | |
| Target Milestone: | UCS 4.4-0-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=34400 | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | Security |
| Max CVSS v3 score: | 8.7 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H) | | |
Description

Florian Best
2016-07-12 14:29:12 CEST

This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.

The affected listener is management/univention-ldap/listener/ldap_extension.py but its implementation is in base/univention-lib/python/ldap_extension.py.

I added a test case for the issues, which is currently set to SKIPed.

ucs-test (9.0.2-48)
394a75192f69 | Bug #41780: Add 71_udm-settings/52_secure_filename_validation.py

The test case tests all combinations:
* create/modify/remove ACL/schema objects with ../ and / paths.
* no files are created in different paths than allowed
* if the old files are removed when renaming an object from a valid name to an invalid name
* if no file is removed when removing an acl/schema object

Basedir restriction and filename validation has been added.

univention-lib (8.0.0-10)
7141c0851292 | Bug #41780: Merge branch 'fbest/41780-schema-filename-injection' into 4.4-0
7cca0ecf0f39 | YAML Bug #41780
78683b480a0e | Bug #41780: PEP 8
54f395162bfb | Bug #41780: limit LDAP ACL's and Schema files to base directory
85cf9162e282 | Bug #41780: fix ldap filter escaping

ucs-test (9.0.2-53)
7141c0851292 | Bug #41780: Merge branch 'fbest/41780-schema-filename-injection' into 4.4-0
4ffe8b1c9c47 | Bug #41780: Extend 71_udm-settings/52_secure_filename_validation.py
394a75192f69 | Bug #41780: Add 71_udm-settings/52_secure_filename_validation.py

univention-lib.yaml
7141c0851292 | Bug #41780: Merge branch 'fbest/41780-schema-filename-injection' into 4.4-0
7cca0ecf0f39 | YAML Bug #41780

* Code review: Ok
* Jenkins Tests: Ok
* Advisory: Ok