Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 7 Sep 2015 13:30:02 +0200
From: Raphael Geissert <geissert@...ian.org>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Ganglia-web auth bypass

On 4 September 2015 at 19:34, Ivan Novikov <in@...larm.com> wrote:
> Reported by GitHub:
> https://github.com/ganglia/ganglia-web/issues/267
>
> It's easy to bypass auth by using boolean serialization like this:
> $ php -r "echo urlencode(serialize(array('user'=>'admin',
> 'group'=>'admin', 'token'=>true)));"

Oh, indeed. I missed that back when I wrote [1].

Do you know if the groups feature is used nowadays? my comment
regarding it not being validated (i.e. taking whatever is in the
cookie) appears to still hold true.


[1] http://mid.gmane.org/CAA7hUgHW=VwfsffPfFxvhZ=fS5fPf=79jZ-tdsCkZJgEfEksjA@...l.gmail.com

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ