[zabbix/el6] Patch LDAP security issue CVE-2013-1364
Volker Fröhlich
volter at fedoraproject.org
Thu Jan 17 21:37:09 UTC 2013
commit 1c97252744f9669ae993e5d59aa67989e6d8c781
Author: Volker Fröhlich <volker27 at gmx.at>
Date: Thu Jan 17 22:36:33 2013 +0100
Patch LDAP security issue CVE-2013-1364
zabbix-1.8.16-ldap.patch | 50 ++++++++++++++++++++++++++++++++++++++++++++++
zabbix.spec | 8 +++++++
2 files changed, 58 insertions(+), 0 deletions(-)
---
diff --git a/zabbix-1.8.16-ldap.patch b/zabbix-1.8.16-ldap.patch
new file mode 100644
index 0000000..50edd12
--- /dev/null
+++ b/zabbix-1.8.16-ldap.patch
@@ -0,0 +1,50 @@
+Index: frontends/php/authentication.php
+===================================================================
+--- frontends/php/authentication.php (revision 32382)
++++ frontends/php/authentication.php (revision 32383)
+@@ -123,7 +123,9 @@
+
+ $result = true;
+ if(ZBX_AUTH_LDAP == $config['authentication_type']){
+- $result = CUser::ldapLogin(array('user'=>$alias,'password'=>$passwd,'cnf'=>$ldap_cnf));
++ $ldap = new CLdap($ldap_cnf);
++ $ldap->connect();
++ $result = $ldap->checkPass($alias, $passwd);
+ }
+
+ // If we do save and auth_type changed, reset all sessions
+@@ -152,7 +154,9 @@
+ }
+ }
+
+- $result = CUser::ldapLogin(array('user'=>$alias,'password'=>$passwd,'cnf'=>$ldap_cnf));
++ $ldap = new CLdap($ldap_cnf);
++ $ldap->connect();
++ $result = $ldap->checkPass($alias, $passwd);
+
+ show_messages($result, S_LDAP.SPACE.S_LOGIN.SPACE.S_SUCCESSFUL_SMALL, S_LDAP.SPACE.S_LOGIN.SPACE.S_WAS_NOT.SPACE.S_SUCCESSFUL_SMALL);
+ }
+Index: frontends/php/api/classes/class.cuser.php
+===================================================================
+--- frontends/php/api/classes/class.cuser.php (revision 32382)
++++ frontends/php/api/classes/class.cuser.php (revision 32383)
+@@ -1093,14 +1093,12 @@
+ public static function ldapLogin($user){
+ $name = $user['user'];
+ $passwd = $user['password'];
+- $cnf = isset($user['cnf'])?$user['cnf']:null;
+
+- if(is_null($cnf)){
+- $config = select_config();
+- foreach($config as $id => $value){
+- if(zbx_strpos($id,'ldap_') !== false){
+- $cnf[str_replace('ldap_','',$id)] = $config[$id];
+- }
++ $config = select_config();
++ $cnf = array();
++ foreach($config as $id => $value){
++ if(zbx_strpos($id,'ldap_') !== false){
++ $cnf[str_replace('ldap_','',$id)] = $config[$id];
+ }
+ }
+
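Review bot: The new `ldapLogin` body in class.cuser.php drops the caller-supplied `cnf` override without recording why, so a later change could reintroduce it; add a comment above the new `$config = select_config();` line such as `// LDAP settings come only from the stored configuration; honouring a 'cnf' entry in $user let an API caller point authentication at an LDAP server of their choosing (ZBX-6097 / CVE-2013-1364)`. The two replacement call sites in authentication.php still build a `CLdap` from `$ldap_cnf`, which appears to be the form input being tested on the configuration page, and a one-line comment there stating that this path is only reachable through that page's own access control would make the boundary explicit (that restriction is inferred, not visible in the hunk). At both sites `$ldap->connect()` is called without its result being used; if it reports failure by return value rather than by exception (not visible here), `$result = $ldap->connect() && $ldap->checkPass($alias, $passwd);` turns an unreachable or misconfigured server into an explicit login failure instead of relying on `checkPass` to notice the unbound handle. The `ldapLogin` body and the surrounding code in authentication.php continue outside the hunk.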
diff --git a/zabbix.spec b/zabbix.spec
index 8d7c333..c6cec5d 100644
--- a/zabbix.spec
+++ b/zabbix.spec
@@ -30,6 +30,10 @@ Patch1: zabbix-1.8.4-fonts-config.patch
# remove flash content (#737337)
Patch2: zabbix-1.8.8-no-flash.patch
+#https://support.zabbix.com/browse/ZBX-6097
+#CVE-2013-1364
+Patch3: %{srcname}-1.8.16-ldap.patch
+
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: mysql-devel
@@ -258,6 +262,7 @@ Zabbix web frontend for SQLite
# DejaVu fonts doesn't exist on EL <= 5
%if 0%{?fedora} || 0%{?rhel} >= 6
%patch1 -p1
+%patch3 -p0
# remove included fonts
rm -rf frontends/php/fonts
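Review bot: `%patch3 -p0` is added inside the `%if 0%{?fedora} || 0%{?rhel} >= 6` block, whose purpose per the comment above it is the DejaVu font substitution, so on any build where that condition is false the CVE-2013-1364 patch is silently not applied. The condition holds for this el6 branch, but if the same spec is used for EL5 builds the security fix is lost there without any build error; move the line out of the conditional to where the unconditional patches are applied in `%prep` (the `%endif` closing this block is outside the hunk). The `-p0` level is consistent with the `Index:`/`---` paths in the patch file, which carry no `a/`/`b/` prefix.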
@@ -613,6 +618,9 @@ fi
%changelog
+* Thu Jan 17 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.16-2
+- Patch for CVE-2013-1364
+
* Wed Jan 16 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.16-1
- update to 1.8.16