Описание
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| lemonldap-ng | fixed | 2.21.3+ds-1 | package | |
| lemonldap-ng | fixed | 2.21.2+ds-1+deb13u1 | trixie | package |
| lemonldap-ng | no-dsa | bookworm | package | |
| lemonldap-ng | postponed | bullseye | package |
Примечания
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3462
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3470
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/6e86f70be5499d09dfaaff307632be8a10f7e58f (v2.21.3)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/0c1ae1644bbddad34da2644228953babf137f64c (v2.21.3)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/228d01945d48015f3f9ea8a8dc64d7e6a27750e9 (v2.16.7)
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8b5ce4de7716f550d353f406b4867378c81aee7c (v2.16.7)
EPSS
Связанные уязвимости
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
EPSS