]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f367d5b) | patch
{proxy,chpasswd}.cgi: Fix a remote code execution vulnerability
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 4 Apr 2016 15:41:30 +0000 (16:41 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 8 Apr 2016 14:54:53 +0000 (15:54 +0100)
commit0aff7b81965c06756ff42482ef0aa3ccfa68bf8f
treeaa3a7c3179bf23868522c8e522751ecf0f3dfbe7tree | snapshot
parentf367d5b38845e73b6e4963374c021e565283208dcommit | diff
{proxy,chpasswd}.cgi: Fix a remote code execution vulnerability

Handcrafted requests with shell commands could be sent to these
CGI files and gain shell access as unprivileged user.

References: #11087

Reported-by: Yann Cam <yann.cam@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/chpasswd.cgi diff | blob | blame | history
html/cgi-bin/proxy.cgi diff | blob | blame | history
IPFire 2.x development tree