WebUI could severely break users' systems, please escape the registration code

Bug #2028514 reported by Christian Ehrhardt 
Affects: Landscape Server
Status: Fix Committed
Importance: Medium
Assigned to: Kevin Nasto
Milestone: (none)

Bug Description

I've found my pwgen-generated registration key to break your really nice "this is how you attach" info page.

What I got was a registration code that included a ` and, due to that, was considered a subcommand.

I assume you already try to avoid some of it via the rule of "Trailing spaces or ; or # symbols are not allowed." but IMHO it is not enough.

Worst case an attacker could set the registration key to interesting things and wreak havoc.
Example bad registration keys:
- 123`ls /boot`
- 123$(ls /boot)

Both would currently be allowed and we all know what happens if `ls` is replaced by `rm -rf` in those.
Or how about anything that includes passwd, ssh-import-id or sending data somewhere.
I guess you got my point.

My basic recommendation (you are free to resolve otherwise) would be to also prohibit the use of ' and always display the registration code inside of those, like 'code'.

Mitch Burton (mitchburton) wrote:

Disallowing single-quote chars and wrapping the registration key in them (or otherwise escaping what could be interpreted as a sh command) seems sensible. Triaging this.

affects: landscape-client → landscape
Changed in landscape:
status: New → Confirmed
importance: Undecided → Medium
Changed in landscape:
assignee: nobody → Kevin Nasto (silverdrake11)
Changed in landscape:
status: Confirmed → Fix Committed
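The injection described in the bug description and the mitigation Mitch Burton proposes, as an added example (not Landscape's own code): the "attach" command is rendered once with the key pasted in verbatim and once with the key shell-quoted, and a validator rejects the characters a shell would interpret. The command template is a hypothetical stand-in; the real attach command is not on this page.

```python
import re
import shlex

# Constructed sample keys: the two from the bug report, one the existing
# "no trailing ; or #" rule already catches, and one harmless key.
SAMPLE_KEYS = ["123`ls /boot`", "123$(ls /boot)", "abc;", "plain-key-42"]

# Hypothetical attach command shown on the "how to attach" page.
ATTACH_TEMPLATE = "landscape-config --account-name {account} --registration-key {key}"


def render_unsafe(account, key):
    """The 'before' behaviour: key substituted verbatim. A key such as
    123`ls /boot` becomes a command substitution when the user pastes
    this line into a shell."""
    return ATTACH_TEMPLATE.format(account=account, key=key)


def render_safe(account, key):
    """Shell-quote the key before substituting. shlex.quote wraps it in
    single quotes, inside which ` and $( are literal text; an embedded
    single quote is re-escaped so the key still forms one shell word."""
    return ATTACH_TEMPLATE.format(account=shlex.quote(account), key=shlex.quote(key))


# Characters a POSIX shell treats as operators or quoting, plus trailing
# whitespace (the page's existing rule also forbids ; and # and trailing spaces).
FORBIDDEN = re.compile(r"""[`$'";#\\]|\s$""")


def key_is_acceptable(key):
    """Server-side validation: reject keys that would need escaping at all,
    so a page that forgets to quote still cannot emit a second command."""
    return bool(key) and FORBIDDEN.search(key) is None


def shell_words(cmd):
    """Split the rendered line the way sh tokenises it, to show whether the
    key survived as exactly one argument."""
    return shlex.split(cmd)


if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(f"{key!r}: acceptable={key_is_acceptable(key)}")
        print("  unsafe words:", shell_words(render_unsafe("acct", key)))
        print("  safe words:  ", shell_words(render_safe("acct", key)))
```

With the unquoted rendering the backtick key splits into two words and the `ls /boot` would run on paste; with the quoted rendering it is a single literal argument.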
selman (sel123man) wrote:

how to get kodi

anuu (anuuu786) wrote:

It's important to clarify that I don't have the ability to interact with or modify specific systems, codes, or web interfaces, including registration codes. My purpose is to provide information and answer questions to the best of my knowledge and abilities.

If you are experiencing issues with a registration code or a web interface, I recommend reaching out to the respective support channels or forums associated with the product or service you are using. They can provide assistance, address concerns, and guide you on any necessary troubleshooting steps.

If you have concerns about the security or stability of a web application, it's crucial to communicate those concerns to the developers or administrators responsible for maintaining the system. They can investigate and address potential issues to ensure the proper functioning and security of the application.

Always exercise caution and follow best practices when interacting with software, especially if you suspect there may be security or stability issues. If in doubt, seek assistance from the appropriate support channels or IT professionals.
