[debian-edu-commits] debian-edu/pkg-team/ 01/03: debian/patches: Add 0006_code-injection-in-samba-hash-generation.patch, 0007_update-sambaHashHook-description.patch. Fix potential code injection issue in Samba hash generation.
Holger Levsen
holger at layer-acht.org
Sun May 22 10:07:22 UTC 2016
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch debian/jessie/updates
in repository gosa.
commit 46f842d2469368d3e6a220fdffd0d407cae52a60
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Jan 4 22:56:15 2016 +0100
debian/patches: Add 0006_code-injection-in-samba-hash-generation.patch, 0007_update-sambaHashHook-description.patch. Fix potential code injection issue in Samba hash generation.
(cherry picked from commit 475a7a3efb9eac49d124298195bfa36ffe173df2)
Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
...6_code-injection-in-samba-hash-generation.patch | 46 ++++++++++++++++++++++
.../0007_update-sambaHashHook-description.patch | 33 ++++++++++++++++
debian/patches/series | 2 +
3 files changed, 81 insertions(+)
diff --git a/debian/patches/0006_code-injection-in-samba-hash-generation.patch b/debian/patches/0006_code-injection-in-samba-hash-generation.patch
new file mode 100644
index 0000000..edef03a
--- /dev/null
+++ b/debian/patches/0006_code-injection-in-samba-hash-generation.patch
@@ -0,0 +1,46 @@
+From a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8 Mon Sep 17 00:00:00 2001
+From: bzapiec <bzapiec at 594d385d-05f5-0310-b6e9-bd551577e9d8>
+Date: Fri, 30 Oct 2015 10:07:20 +0000
+Subject: [PATCH] (See #1221) udpate samba hash generation due to a possible
+ code injection
+
+command line parameter will be passed base64 encoded to avoid
+complex escaping sequences that may alter the initial passphrase
+
+
+
+git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21280 594d385d-05f5-0310-b6e9-bd551577e9d8
+---
+ include/class_core.inc | 2 +-
+ include/functions.inc | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gosa-core/include/class_core.inc b/gosa-core/include/class_core.inc
+index 510bc5e..d3acf5b 100644
+--- a/gosa-core/include/class_core.inc
++++ b/gosa-core/include/class_core.inc
+@@ -582,7 +582,7 @@ DEBUG_SI = 256"),
+ array(
+ "name" => "sambaHashHook",
+ "type" => "command",
+- "default" => "perl -MCrypt::SmbHash -e \"print join(q[:], ntlmgen %password), $/;\"",
++ "default" => "perl -MCrypt::SmbHash -e \"use MIME::Base64; print join(q[:], ntlmgen decode_base64('%password')), $/;\"",
+ "description" => _("Command to create Samba NT/LM hashes. Required for password synchronization if you don't use supplementary services."),
+ "check" => "gosaProperty::isCommand",
+ "migrate" => "",
+diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
+index 7f84043..0385edf 100644
+--- a/gosa-core/include/functions.inc
++++ b/gosa-core/include/functions.inc
+@@ -3101,8 +3101,8 @@ function generate_smb_nt_hash($password)
+ $password = addcslashes($password, '$');
+ $password = addcslashes($password, '$'); // <- And again once, to be able to use it as parameter for the perl script.
+ $tmp = $config->get_cfg_value("core",'sambaHashHook');
+- $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+- $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
++ $tmp = preg_replace("/%userPassword/", base64_encode($password), $tmp);
++ $tmp = preg_replace("/%password/", base64_encode($password), $tmp);
+ @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
+
+ exec($tmp, $ar);
+
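Review bot: The two `addcslashes($password, '$')` calls kept as context above the changed lines in generate_smb_nt_hash() now run before `base64_encode()`, so a password containing `$` appears to reach Perl with literal backslashes in it and would get an NT/LM hash that does not match what the user typed. That escaping only existed to survive the shell and Perl quoting that the base64 step now replaces, so I would drop both lines and encode the raw value, keeping `$tmp = preg_replace("/%password/", base64_encode($password), $tmp);` with no prior `addcslashes`. Separately, only the `default` of sambaHashHook changes and `migrate` stays empty, so a site with a customised or previously stored hook (for example one calling mkntpasswd) would presumably be handed base64 text and hash that instead; the upgrade notes should say the hook must now decode its argument. The function body starts and ends outside the hunk, so this is based on the visible lines only.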
diff --git a/debian/patches/0007_update-sambaHashHook-description.patch b/debian/patches/0007_update-sambaHashHook-description.patch
new file mode 100644
index 0000000..1681d97
--- /dev/null
+++ b/debian/patches/0007_update-sambaHashHook-description.patch
@@ -0,0 +1,33 @@
+
+m bc9c87ceec58566274402ef032e5c22d2f4e6d91 Mon Sep 17 00:00:00 2001
+From: bzapiec <bzapiec at 594d385d-05f5-0310-b6e9-bd551577e9d8>
+Date: Fri, 30 Oct 2015 10:09:48 +0000
+Subject: [PATCH] (See #1221)
+
+update sambaHashHook description
+
+
+
+git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21281 594d385d-05f5-0310-b6e9-bd551577e9d8
+---
+ contrib/gosa.conf.5 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gosa-core/contrib/gosa.conf.5 b/gosa-core/contrib/gosa.conf.5
+index 655b7f8..fa07e5b 100644
+--- a/gosa-core/contrib/gosa.conf.5
++++ b/gosa-core/contrib/gosa.conf.5
+@@ -1073,10 +1073,10 @@ The
+ statement contains an executable to generate samba hash values. This is required
+ for password synchronization, but not required if you apply gosa-si services.
+ If you don't have mkntpasswd from the samba distribution installed, you can use
+-perl to generate the hash:
++perl to generate the hash. Keep in mind to pass the value base64 encoded to perl:
+
+ .nf
+-perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \\$ARGV[0]), $/;"
++perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen decode_base64('\\$ARGV[0]')), $/;"
+ .if
+ .PP
+
+
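Review bot: The replacement example in gosa.conf.5 calls `decode_base64` without loading MIME::Base64, unlike the new default in class_core.inc, which has `use MIME::Base64;`; copied as written, the one-liner would die on an undefined subroutine and the hook would return no hash. I would make the documented line match the default, e.g. `perl -MCrypt::SmbHash -MMIME::Base64 -e "print join(q[:], ntlmgen decode_base64('%password')), $/;"`. The single quotes around `$ARGV[0]` also look wrong, since Perl does not interpolate inside them and the literal text would be decoded rather than the argument. The added patch file's first header line is truncated to `m bc9c87…` where the sibling patch has `From a67a…`, which suggests a copy error worth fixing before upload.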
diff --git a/debian/patches/series b/debian/patches/series
index d4e6e77..e1ce20b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,8 @@
0003_xss-vulnerability-on-login-screen.patch
0004_fix-get-post.patch
0005_fix-password-expiry-status.patch
+0006_code-injection-in-samba-hash-generation.patch
+0007_update-sambaHashHook-description.patch
1001_fix-mass-ldapimport.patch
1002_trim-decrypt.patch
1003_RequestHeader-no-underscores-apache24.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git