[Fedora-directory-commits] ldapserver/ldap/cm/newinst ns-update, 1.6, 1.6.2.1
Noriko Hosoi (nhosoi)
fedora-directory-commits at redhat.com
Wed Apr 30 18:28:32 UTC 2008
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4673/ldap/cm/newinst
Modified Files:
Tag: Directory71RtmBranch
ns-update
Log Message:
Resolves: RHSA-2008:0199
Description: A shell command injection flaw in the Red Hat Administration
Server replication monitor CGI script could be exploited by an attacker to
execute arbitrary shell commands with root privileges.
Index: ns-update
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/Attic/ns-update,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- ns-update 19 Apr 2005 22:07:20 -0000 1.6
+++ ns-update 30 Apr 2008 18:28:30 -0000 1.6.2.1
@@ -169,6 +169,13 @@
start_server $sroot $dir
echo ""
done
+ # fixup any admin server files
+ if [ -f $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl.backup ] ; then
+ echo Already have repl-monitor-cgi.pl patch, skipping . . .
+ else
+ cp -f -p $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl.backup
+ cp -f -p $sroot/bin/slapd/admin/scripts/template-repl-monitor-cgi.pl $sroot/bin/admin/admin/bin/repl-monitor-cgi.pl
+ fi
fi
wrap_security_tools $sroot
More information about the Fedora-directory-commits
mailing list