[Bug 567648] New: phpldapadmin-1.1.0.5-1.1.noarch.rpm
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c0

Summary: phpldapadmin-1.1.0.5-1.1.noarch.rpm
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: i386
URL: http://software.opensuse.org/search
OS/Version: Other
Status: NEW
Keywords: Built
Severity: Major
Priority: P5 - None
Component: 3rd party software
AssignedTo: crrodriguez@novell.com
ReportedBy: Michael@Moser.net
QAContact: opensuse-communityscreening@forge.provo.novell.com
Found By: Community User
Blocker: Yes

Note: Current released version from phpldapadmin is phpldapadmin-1.2.0.4 which corrects this problem

PHP Debug Backtrace

File /srv/www/htdocs/phpldapadmin/lib/functions.php (154) Function error (E_WARNING: ldap_first_attribute() expects parameter 3 to be long, array given)
File () Function pla_error_handler
File /srv/www/htdocs/phpldapadmin/lib/server_functions.php (1778) Function ldap_first_attribute
File /srv/www/htdocs/phpldapadmin/lib/server_functions.php (414) Function search
File /srv/www/htdocs/phpldapadmin/lib/functions.php (2913) Function getBaseDN
File /srv/www/htdocs/phpldapadmin/lib/page.php (197) Function server_info_list
File /srv/www/htdocs/phpldapadmin/lib/page.php (365) Function tree
File /srv/www/htdocs/phpldapadmin/htdocs/cmd.php (50) Function display
File /srv/www/htdocs/phpldapadmin/htdocs/index.php (90) Function include (/srv/www/htdocs/phpldapadmin/htdocs/cmd.php)

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c1
Michael Moser
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c2
Michael Moser
IMPORTANT NOTE: A security vulnerability has been reported in phpLDAPadmin 1.1.x, whereby a user can use a null terminated URL to view the contents of files on your server (e.g. /etc/passwd). This vulnerability is confirmed in 1.1.0.7 and probably exists in previous releases. It does not appear to affect 1.2.x.
I recommend you update to the latest version of PLA 1.2, either download it directly from sourceforge or encourage your Linux distribution to make available a 1.2 version (if they don't already have it).
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c3
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c4
--- Comment #4 from Michael Moser
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c5
--- Comment #5 from Cristian Rodríguez
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c6
--- Comment #6 from Marcus Rückert
http://bugzilla.novell.com/show_bug.cgi?id=567648
http://bugzilla.novell.com/show_bug.cgi?id=567648#c7
Cristian Rodríguez