In response to a recent ExponentCMS security vulnerability that allows a cross-site script injection through which anybody can create a new admin user, I’ve written the following script, which automatically applies the necessary patch.
Suggested usage:
find /home/*/public_html/framework/datatypes -name user.php -exec python fixRegBug.py {} \;
#!/usr/bin/env python
# encoding: utf-8
"""
fixRegBug.py
Created by Ron Miller on 2011-05-03.
Copyright (c) 2011 Youcentric Solutions. All rights reserved.
"""
import sys
import os

def main():
    # With no argument, sys.argv[1] does not exist, so test the length instead.
    if len(sys.argv) < 2:
        print("Please specify path to user.php")
        sys.exit(255)
    oldfile = open(sys.argv[1], "r")
    # Write the patched copy next to the original file.
    newfile = open(os.path.join(os.path.dirname(sys.argv[1]), "user.new.php"), "w")
    for line in oldfile:
        # Replace the conditional call with an unconditional one.
        if "if(isset($params['is_admin']) || isset($params['is_acting_admin'])) $this->checkAdminFlags();" in line:
            # Keep the trailing newline so the next statement stays on its own line.
            line = "\t$this->checkAdminFlags();\n"
            newfile.write(line)
            newfile.flush()
            print("Found and fixed vulnerability in %s" % sys.argv[1])
        else:
            newfile.write(line)
            newfile.flush()
    newfile.close()
    oldfile.close()
    # Keep the original as user.old.php, then move the patched copy into place.
    os.rename(sys.argv[1], os.path.join(os.path.dirname(sys.argv[1]), "user.old.php"))
    os.rename(os.path.join(os.path.dirname(sys.argv[1]), "user.new.php"), sys.argv[1])

if __name__ == '__main__':
    main()

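
To confirm the result after a run across many sites, the following added example (not part of the original script or of ExponentCMS) classifies a user.php as vulnerable, patched or unknown. It compares against the two statements used in fixRegBug.py with whitespace removed, so a differently spaced copy of the guarded call is still caught; the function names and the assumption that a stand-alone call means "patched" are mine.

```python
#!/usr/bin/env python3
"""Audit user.php files for the conditional checkAdminFlags() call (added example)."""
import re
import sys

# Statements taken from fixRegBug.py, stored with all whitespace removed so that
# spacing differences between installs do not hide a match.
VULNERABLE = ("if(isset($params['is_admin'])||isset($params['is_acting_admin']))"
              "$this->checkAdminFlags();")
PATCHED = "$this->checkAdminFlags();"


def classify(php_source):
    """Return 'vulnerable', 'patched' or 'unknown' for the text of a user.php."""
    statuses = set()
    for line in php_source.splitlines():
        squeezed = re.sub(r"\s+", "", line)
        if VULNERABLE in squeezed:
            statuses.add("vulnerable")
        elif squeezed == PATCHED:
            # Assumption: a stand-alone call on its own line is the patched form.
            statuses.add("patched")
    if "vulnerable" in statuses:
        return "vulnerable"   # any remaining guarded call means the fix is incomplete
    if "patched" in statuses:
        return "patched"
    return "unknown"          # neither form found: review by hand


def audit(paths):
    """Classify each file and return a list of (path, status) pairs."""
    results = []
    for path in paths:
        with open(path, "r", errors="replace") as handle:
            results.append((path, classify(handle.read())))
    return results


if __name__ == "__main__":
    report = audit(sys.argv[1:])
    for path, status in report:
        print("%-10s %s" % (status, path))
    # Non-zero exit when any file still needs attention, for use from cron.
    sys.exit(1 if any(s != "patched" for _, s in report) else 0)
```
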
With the release of Ubuntu 10.04, the tun driver, commonly used for VPN connectivity, has been moved into the kernel instead of being loaded as a module as it was previously. Unfortunately, the Juniper and Aventail VPN clients check for VPN support in the kernel by running “modprobe tun” instead of checking for the presence of the device nodes. As a result, the VPN connections fail immediately, even though they would otherwise succeed. Searching the Ubuntu forums, I happened upon this thread:
http://ubuntuforums.org/showthread.php?t=1459559
After trying a couple of the other fixes, I finally found a script, posted by cdenley (http://www.chrisdenley.com/), which successfully works around the issue by creating a null driver named tun that the VPN clients can modprobe, with no harmful results, to satisfy their requirements.
#! /usr/bin/env bash
sudo apt-get install build-essential linux-headers-`uname -r`
mkdir faketun
cd faketun
echo -e "#include <linux/module.h>\nstatic int start__module(void) {return 0;}\nstatic void end__module(void){return;}\nmodule_init(start__module);\nmodule_exit(end__module);">tun.c
echo -e "obj-m += tun.o\nall:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) modules\nclean:\n\tmake -C /lib/modules/\$(shell uname -r)/build/ M=\$(PWD) clean\nclean-files := Module.symvers">Makefile
make
sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko
sudo depmod -a
sudo modprobe tun