[zabbix/el6] Patch LDAP security issue CVE-2013-1364

Volker Fröhlich volter at fedoraproject.org
Thu Jan 17 21:37:09 UTC 2013


commit 1c97252744f9669ae993e5d59aa67989e6d8c781
Author: Volker Fröhlich <volker27 at gmx.at>
Date:   Thu Jan 17 22:36:33 2013 +0100

    Patch LDAP security issue CVE-2013-1364

 zabbix-1.8.16-ldap.patch |   50 ++++++++++++++++++++++++++++++++++++++++++++++
 zabbix.spec              |    8 +++++++
 2 files changed, 58 insertions(+), 0 deletions(-)
---
diff --git a/zabbix-1.8.16-ldap.patch b/zabbix-1.8.16-ldap.patch
new file mode 100644
index 0000000..50edd12
--- /dev/null
+++ b/zabbix-1.8.16-ldap.patch
@@ -0,0 +1,50 @@
+Index: frontends/php/authentication.php
+===================================================================
+--- frontends/php/authentication.php	(revision 32382)
++++ frontends/php/authentication.php	(revision 32383)
+@@ -123,7 +123,9 @@
+ 
+ 			$result = true;
+ 			if(ZBX_AUTH_LDAP == $config['authentication_type']){
+-				$result = CUser::ldapLogin(array('user'=>$alias,'password'=>$passwd,'cnf'=>$ldap_cnf));
++				$ldap = new CLdap($ldap_cnf);
++				$ldap->connect();
++				$result = $ldap->checkPass($alias, $passwd);
+ 			}
+ 
+ // If we do save and auth_type changed, reset all sessions
+@@ -152,7 +154,9 @@
+ 				}
+ 			}
+ 
+-			$result = CUser::ldapLogin(array('user'=>$alias,'password'=>$passwd,'cnf'=>$ldap_cnf));
++			$ldap = new CLdap($ldap_cnf);
++			$ldap->connect();
++			$result = $ldap->checkPass($alias, $passwd);
+ 
+ 			show_messages($result, S_LDAP.SPACE.S_LOGIN.SPACE.S_SUCCESSFUL_SMALL, S_LDAP.SPACE.S_LOGIN.SPACE.S_WAS_NOT.SPACE.S_SUCCESSFUL_SMALL);
+ 		}
+Index: frontends/php/api/classes/class.cuser.php
+===================================================================
+--- frontends/php/api/classes/class.cuser.php	(revision 32382)
++++ frontends/php/api/classes/class.cuser.php	(revision 32383)
+@@ -1093,14 +1093,12 @@
+ 	public static function ldapLogin($user){
+ 		$name = $user['user'];
+ 		$passwd = $user['password'];
+-		$cnf = isset($user['cnf'])?$user['cnf']:null;
+ 
+-		if(is_null($cnf)){
+-			$config = select_config();
+-			foreach($config as $id => $value){
+-				if(zbx_strpos($id,'ldap_') !== false){
+-					$cnf[str_replace('ldap_','',$id)] = $config[$id];
+-				}
++		$config = select_config();
++		$cnf = array();
++		foreach($config as $id => $value){
++			if(zbx_strpos($id,'ldap_') !== false){
++				$cnf[str_replace('ldap_','',$id)] = $config[$id];
+ 			}
+ 		}
+ 
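Review bot: The new authentication.php code in both hunks (`$ldap->connect();` followed directly by `$result = $ldap->checkPass($alias, $passwd);`) never checks the outcome of connect(); if CLdap::connect() reports failure by return value rather than by throwing, an unreachable or unbindable LDAP server falls through to checkPass and, on the second hunk, the admin's test login is reported only through whatever checkPass returns in that state. If that is the contract, a guard such as `$result = $ldap->connect() && $ldap->checkPass($alias, $passwd);` would make the shown result reflect the connection failure; if connect() throws instead, a one-line comment saying so would save the next reader the lookup. Separately, the patch file carries no header explaining its origin, and text before the first `Index:` line is ignored by patch(1), so a lead-in such as `Backport of upstream r32382 -> r32383 (ZBX-6097, CVE-2013-1364): CUser::ldapLogin no longer accepts caller-supplied LDAP settings via 'cnf'; they are always read from the stored configuration.` would document what the removed isset($user['cnf']) line was exposing. The enclosing functions in authentication.php begin and end outside the hunk.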
diff --git a/zabbix.spec b/zabbix.spec
index 8d7c333..c6cec5d 100644
--- a/zabbix.spec
+++ b/zabbix.spec
@@ -30,6 +30,10 @@ Patch1:         zabbix-1.8.4-fonts-config.patch
 # remove flash content (#737337)
 Patch2:         zabbix-1.8.8-no-flash.patch
 
+#https://support.zabbix.com/browse/ZBX-6097
+#CVE-2013-1364
+Patch3:         %{srcname}-1.8.16-ldap.patch
+
 Buildroot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:   mysql-devel
@@ -258,6 +262,7 @@ Zabbix web frontend for SQLite
 # DejaVu fonts doesn't exist on EL <= 5
 %if 0%{?fedora} || 0%{?rhel} >= 6
 %patch1 -p1
+%patch3 -p0
 
 # remove included fonts
 rm -rf frontends/php/fonts
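Review bot: `%patch3 -p0` is applied inside the `%if 0%{?fedora} || 0%{?rhel} >= 6` block, which the comment above it ties to DejaVu font availability, so any build where that condition is false would skip the CVE-2013-1364 fix while still shipping the vulnerable frontend. On this el6 branch the condition holds, but coupling a security patch to an unrelated font conditional is fragile for other branches and for anyone copying the spec. Move the line out of the block, next to the unconditional patch applications, e.g. `%patch3 -p0` on its own line before the `%if`, keeping `-p0` because the paths in the patch file carry no a/ b/ prefix. The `%endif` closing this block lies outside the hunk.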
@@ -613,6 +618,9 @@ fi
 
 
 %changelog
+* Thu Jan 17 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.16-2
+- Patch for CVE-2013-1364
+
 * Wed Jan 16 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.16-1
 - update to 1.8.16
 

