Module: check_mk
Branch: master
Commit: c0eb917b81c699990bdc45b7f7accdcfebcd7d7d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c0eb917b81c699…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Sep 19 09:45:55 2018 +0200
6625 FIX Fixed possible failed mkbackup because of changed mknotifyd state file
The mknotifyd used specific names for a temporary file which was not excluded by
the mkbackup mechanism. When a backup was performed while the mknotifyd wrote its
state file, the backup could fail with an exception like this:
OSError: [Errno 2] No such file or directory: '/omd/sites/int_ma_5351/var/log/mknotifyd.state.new'
CMK-1011
Change-Id: If50e8ba088197fbd027f8f57f786c6471f2cb811
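The race the message describes, shown as an added example that is not part of this commit or of mkbackup's own code: a directory walk that skips files matching an exclusion list and tolerates a file that disappears between being listed and being stat'ed, run against a constructed site tree. The exclusion pattern `var/log/*.state.new` and the rename-on-stat hook are assumptions used to reproduce the failure; how mkbackup really builds its exclusion list is not visible on this page.

```python
import fnmatch
import os
import shutil
import tempfile


def collect_backup_files(root, exclude_globs, before_stat=None):
    """Walk `root` and return (kept, skipped, vanished).

    kept     - (relative path, size) for files that would go into the backup
    skipped  - relative paths matching one of `exclude_globs` (never stat'ed)
    vanished - relative paths the walk listed but that were gone by the time
               they were stat'ed; a backup that let the exception propagate
               here would abort with the ENOENT shown in the werk
    `before_stat` is a test hook called with each path just before os.stat,
    so a caller can simulate a writer racing the backup.
    """
    kept, skipped, vanished = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if any(fnmatch.fnmatch(rel, pattern) for pattern in exclude_globs):
                skipped.append(rel)
                continue
            if before_stat is not None:
                before_stat(path)
            try:
                size = os.stat(path).st_size
            except FileNotFoundError:
                vanished.append(rel)
                continue
            kept.append((rel, size))
    return kept, skipped, vanished


def build_demo_site():
    """Constructed site tree: a state file plus the daemon's temporary copy."""
    site = tempfile.mkdtemp(prefix="omdsite_")
    logdir = os.path.join(site, "var", "log")
    os.makedirs(logdir)
    with open(os.path.join(logdir, "mknotifyd.state"), "w") as fh:
        fh.write("old state\n")
    with open(os.path.join(logdir, "mknotifyd.state.new"), "w") as fh:
        fh.write("new state\n")
    return site


def daemon_finishes_write(path):
    """Simulated writer (assumption): renames the .new file over the state
    file right after the backup has listed it, which is the race the werk
    describes."""
    if path.endswith(".state.new"):
        os.replace(path, path[: -len(".new")])


def backup_without_exclusion(site):
    """Old behaviour: the temporary file is not excluded and vanishes mid-walk."""
    return collect_backup_files(site, [], before_stat=daemon_finishes_write)


def backup_with_exclusion(site):
    """Fixed behaviour: the temporary name is excluded, so it is never touched."""
    return collect_backup_files(site, ["var/log/*.state.new"])


def run_demo():
    """Run both variants on fresh trees and return their results keyed by label."""
    results = {}
    for label, backup in (("without_exclusion", backup_without_exclusion),
                          ("with_exclusion", backup_with_exclusion)):
        site = build_demo_site()
        try:
            results[label] = backup(site)
        finally:
            shutil.rmtree(site)
    return results


if __name__ == "__main__":
    for label, (kept, skipped, vanished) in run_demo().items():
        print(label, "kept:", [p for p, _ in kept],
              "skipped:", skipped, "vanished:", vanished)
```

Excluding the temporary name removes this particular failure, but the walker still has to tolerate ENOENT, because any daemon that replaces a file atomically can make a listed path disappear before the backup reads it.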
---
.werks/6625 | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/.werks/6625 b/.werks/6625
new file mode 100644
index 0000000..39eaee3
--- /dev/null
+++ b/.werks/6625
@@ -0,0 +1,15 @@
+Title: Fixed possible failed mkbackup because of changed mknotifyd state file
+Level: 1
+Component: core
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1537343031
+
+The mknotifyd used specific names for a temporary file which was not excluded by
+the mkbackup mechanism. When a backup was performed while the mknotifyd wrote it's
+state file, the backup could fail with an exception like this:
+
+OSError: [Errno 2] No such file or directory: \'/omd/sites/int_ma_5351/var/log/mknotifyd.state.new\'
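Review bot: the werk text describes the failure but not the fix, and this commit touches only .werks/6625 (diffstat: 1 file changed), so a reader cannot tell whether mknotifyd now writes its temporary file under a name mkbackup already excludes or mkbackup's exclusion list was extended. Name the new file name or the exclusion pattern in the description so site admins can check it on their installation. Minor: "it's" should be "its", the escaped quotes around the path (\') should be plain quotes, and "State: unknown" looks like a placeholder that should be set before release.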
Module: check_mk
Branch: master
Commit: 01a589a8ac777aa3f984bcc484e09ca44b1ac040
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=01a589a8ac777a…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Sep 17 20:40:40 2018 +0200
6622 SEC Fixed possible open redirect on login page
It was possible to redirect a user to external websites through manipulating
GET parameters. To exploit this vulnerability, an attacker needs to trick a
user into following a crafted URL. The attack only works if the user does not
notice that he is redirected to a different URL.
Change-Id: I072a6e1b49cd33a104f9c0c26113b29f46e2a86d
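What the old `'://'` substring test misses and what a path-only validator accepts, as an added example that is not Check_MK's code: `utils.is_allowed_url` is not part of this change, so the validator below is an assumption about what such a helper should do, `DEFAULT_TARGET` stands in for `config.url_prefix() + 'check_mk/'`, and the sample `_origtarget` values are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample values for the login page's _origtarget parameter
# (illustrative only; not taken from Check_MK or from any real attack).
SAMPLE_TARGETS = [
    "index.py?start_url=dashboard.py",        # relative link inside the GUI
    "/check_mk/view.py?view_name=allhosts",   # site-absolute path
    "http://evil.example/phish",              # absolute URL, caught by the old test
    "https://evil.example/",                  # absolute URL, caught by the old test
    "//evil.example/phish",                   # scheme-relative: no '://', still leaves the site
    "/\\evil.example/phish",                  # browsers normalise '/\\' to '//'
    "javascript:alert(1)",                    # a scheme with no '://'
    "",                                       # parameter absent
]

DEFAULT_TARGET = "/check_mk/"   # stands in for config.url_prefix() + 'check_mk/'


def old_check_is_external(target: str) -> bool:
    """The substring test the patch removes: only 'scheme://' URLs trip it."""
    return "://" in target


def is_allowed_url(target: str) -> bool:
    """Hypothetical path-only validator (assumption; not the project's
    utils.is_allowed_url).

    A target is allowed only if it is empty (the caller decides what an
    empty target means) or is a relative or site-absolute path: no scheme,
    no network location, no scheme-relative '//' prefix, no control
    characters.
    """
    if target == "":
        return True
    # Browsers treat a backslash after the leading slash like a second slash,
    # so normalise before parsing instead of trusting urlsplit's view alone.
    normalised = target.replace("\\", "/")
    if normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return False
    # Control characters and whitespace can smuggle a second header or
    # confuse intermediaries; reject them outright.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in normalised):
        return False
    return True


def choose_redirect(origtarget: str) -> str:
    """Mirror of the patched do_login() decision, using the validator above."""
    if (not origtarget or "logout.py" in origtarget or "side.py" in origtarget
            or not is_allowed_url(origtarget)):
        return DEFAULT_TARGET
    return origtarget


def targets_missed_by_old_check() -> list:
    """Sample targets the '://' test let through but the validator rejects."""
    return [t for t in SAMPLE_TARGETS
            if not old_check_is_external(t) and not is_allowed_url(t)]


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print("%-40r old_rejects=%-5s new_allows=%-5s -> %s"
              % (t, old_check_is_external(t), is_allowed_url(t), choose_redirect(t)))
```

The validator deliberately accepts the empty string: the login page reads the parameter with a default of `''` and has its own rule for what an empty target means, so a helper that rejected `''` would change that rule as a side effect.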
---
.werks/6622 | 13 +++++++++++++
cmk/gui/login.py | 5 ++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.werks/6622 b/.werks/6622
new file mode 100644
index 0000000..e8fdd4c
--- /dev/null
+++ b/.werks/6622
@@ -0,0 +1,13 @@
+Title: Fixed possible open redirect on login page
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1537209561
+Class: security
+
+It was possible to redirect an user to external websites through manipulating
+GET parameters. To exploit this vulnerability, an attacker needs to trick a
+user into following a crafted URL. The attack only works if the user does not
+notice that he is redirected to a different URL.
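Review bot: the description should name the parameter concerned, `_origtarget` (the login.py part of this change shows it), and say what counts as an allowed target after the fix, so that operators who link to the login page with an absolute `_origtarget` know those links now fall back to the default page rather than breaking silently. Minor: "an user" should be "a user".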
diff --git a/cmk/gui/login.py b/cmk/gui/login.py
index 27dc61a..c7d8a9b 100644
--- a/cmk/gui/login.py
+++ b/cmk/gui/login.py
@@ -371,7 +371,7 @@ def do_login():
# - logout.py: Happens after login
# - side.py: Happens when invalid login is detected during sidebar refresh
# - Full qualified URLs (http://...) to prevent redirection attacks
- if not origtarget or "logout.py" in origtarget or 'side.py' in origtarget or '://' in origtarget:
+ if not origtarget or "logout.py" in origtarget or 'side.py' in origtarget or not utils.is_allowed_url(origtarget):
origtarget = config.url_prefix() + 'check_mk/'
# None -> User unknown, means continue with other connectors
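Review bot: the comment directly above the condition still reads "Full qualified URLs (http://...) to prevent redirection attacks", but the condition no longer tests for '://'; update it to describe what utils.is_allowed_url rejects. The helper itself is not part of this change (only .werks/6622 and cmk/gui/login.py are touched), so confirm it exists in cmk/gui/utils.py on this branch and that it rejects the forms the old substring test let through, in particular scheme-relative targets such as //host/path, which contain no '://' but still send the browser off-site.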
@@ -438,6 +438,9 @@ def normal_login_page(called_directly = True):
html.header(config.get_page_heading(), javascripts=[], stylesheets=["pages", "login"])
origtarget = html.var('_origtarget', '')
+ if not utils.is_allowed_url(origtarget):
+ origtarget = html.makeuri([])
+
if not origtarget and not html.myfile in [ 'login', 'logout' ]:
origtarget = html.makeuri([])
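Review bot: ordering problem with the empty case. `origtarget` defaults to '' (`html.var('_origtarget', '')`), and the new `if not utils.is_allowed_url(origtarget):` runs before the existing `if not origtarget and not html.myfile in [ 'login', 'logout' ]:`. If is_allowed_url('') returns False, an empty target is rewritten to html.makeuri([]) unconditionally and the login/logout exemption on the next lines never applies. Either guard the new check with `if origtarget and not utils.is_allowed_url(origtarget):` or make sure the helper treats '' as allowed, and add a test for the absent parameter.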