You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@lenya.apache.org by Jörn Nettingsmeier <po...@uni-duisburg.de> on 2006/06/08 01:26:03 UTC

security issue in lenya 1.4

hi !

if you're running lenya 1.4 in production or in any situation where you 
may have untrusted local users, or trusted users with a weird sense of 
humour and advanced computer skills, you will want to comment out the 
following section from your WEB-INF/cocoon.xconf and restart lenya:

<!--
     <component-instance 
class="org.apache.lenya.cms.ac.usecases.UserPassword" 
logger="lenya.admin" name="admin.changePassword">
       <view menu="true" template="usecases/admin/changePassword.jx">
         <tab group="admin" name="users"/>
       </view>
       <exit usecase="admin.user"/>
     </component-instance>
-->

there appears to be a local privilege escalation and dos exploit.

regards,

jörn



-- 
"Open source takes the bullshit out of software."
	- Charles Ferguson on TechnologyReview.com

--
Jörn Nettingsmeier, EDV-Administrator
Institut für Politikwissenschaft
Universität Duisburg-Essen, Standort Duisburg
Mail: pol-admin@uni-due.de, Telefon: 0203/379-2736

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org

Re: security issue in lenya 1.4

Posted by Jörn Nettingsmeier <po...@uni-duisburg.de>.

Michael Wechner wrote:
> Jörn Nettingsmeier wrote:
>> hi !
>>
>> if you're running lenya 1.4 in production or in any situation where 
>> you may have untrusted local users, or trusted users with a weird 
>> sense of humour and advanced computer skills, you will want to comment 
>> out the following section from your WEB-INF/cocoon.xconf and restart 
>> lenya:
>>
>> <!--
>>     <component-instance 
>> class="org.apache.lenya.cms.ac.usecases.UserPassword" 
>> logger="lenya.admin" name="admin.changePassword">
>>       <view menu="true" template="usecases/admin/changePassword.jx">
>>         <tab group="admin" name="users"/>
>>       </view>
>>       <exit usecase="admin.user"/>
>>     </component-instance>
>> -->
>>
>> there appears to be a local privilege escalation and dos exploit.
> 
> I would suggest let's comment it within trunk and add a TODO/Bug that 
> this needs to be protected better
> before we enable it again.

very good idea. i'll be working on a fix this afternoon. should be done 
and tested tomorrow.

-- 
"Open source takes the bullshit out of software."
	- Charles Ferguson on TechnologyReview.com

--
Jörn Nettingsmeier, EDV-Administrator
Institut für Politikwissenschaft
Universität Duisburg-Essen, Standort Duisburg
Mail: pol-admin@uni-due.de, Telefon: 0203/379-2736

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org

Re: security issue in lenya 1.4

Posted by Michael Wechner <mi...@wyona.com>.

Jörn Nettingsmeier wrote:
> hi !
>
> if you're running lenya 1.4 in production or in any situation where 
> you may have untrusted local users, or trusted users with a weird 
> sense of humour and advanced computer skills, you will want to comment 
> out the following section from your WEB-INF/cocoon.xconf and restart 
> lenya:
>
> <!--
>     <component-instance 
> class="org.apache.lenya.cms.ac.usecases.UserPassword" 
> logger="lenya.admin" name="admin.changePassword">
>       <view menu="true" template="usecases/admin/changePassword.jx">
>         <tab group="admin" name="users"/>
>       </view>
>       <exit usecase="admin.user"/>
>     </component-instance>
> -->
>
> there appears to be a local privilege escalation and dos exploit.

I would suggest let's comment it within trunk and add a TODO/Bug that 
this needs to be protected better
before we enable it again.

Michi
>
> regards,
>
> jörn
>
>
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner@wyona.com                        michi@apache.org
+41 44 272 91 61


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org

Re: security issue in lenya 1.4

Posted by Andreas Hartmann <an...@apache.org>.

Jörn Nettingsmeier wrote:
> hi !
> 
> if you're running lenya 1.4 in production or in any situation where you 
> may have untrusted local users, or trusted users with a weird sense of 
> humour and advanced computer skills, you will want to comment out the 
> following section from your WEB-INF/cocoon.xconf and restart lenya:
> 
> <!--
>     <component-instance 
> class="org.apache.lenya.cms.ac.usecases.UserPassword" 
> logger="lenya.admin" name="admin.changePassword">
>       <view menu="true" template="usecases/admin/changePassword.jx">
>         <tab group="admin" name="users"/>
>       </view>
>       <exit usecase="admin.user"/>
>     </component-instance>
> -->
> 
> there appears to be a local privilege escalation and dos exploit.

Thanks for the pointer!
Would you mind filing a bug?

-- Andreas


-- 
Andreas Hartmann
Wyona Inc.  -   Open Source Content Management   -   Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
andreas.hartmann@wyona.com                     andreas@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org