GOGS/Gitea Fix Critical API Auth By-Pass

I subscribe to updates from the forums and wasn’t alerted to this critical issue.

Manasseh Zhou reported a critical session bypass issue in the go-marcaron framework which impacts Gogs 0.11.86 @ 2019-01-30 and Gitea < 1.5.4.
Because of missing access checks; an attacker can log into any account and run arbitrary commands on an effected server.

This was reported as CVE-2018-18926 and CVE-2018-18925
Manasseh provides a detailed breakdown of the issue on his site.

Gogs and Gitea users should update immediately to the latest release.

On a side note; I’m concerned about the timeline here. This issue was first reported to the Gogs project in late 2018 and opened as a github issue in Aug. of 2019 which finally got the attention of unknwon and was resolved two days later. Gitea fixed this issue in Oct. of 2018.
I will be looking into other tools to internally host our git repositories.

I love Cockpit CMS

I've had a lot of fun playing with Cockpit CMS.
It's a "An API-driven CMS without forcing you to make compromises in how you implement your site."

Its a CMS without a front end. The front end is completely up to you. This tool takes care of all the back-end stuff. It provides a UI for building content types, uploading media, editing media and content, doing site backups and authentication. How the data is displayed is entierly up to you.

Built with a custom microframework called "Lime" which looks alot like slim2 and a storage system called "Mongo lite", it provides everything you need to build small sites that are a joy to work with.

The documentation includes a walk-through on how to build a simple blog.

phpseclib is awesome

While looking for something to help php connect to a sftp server I stumbled across libphpsec which is a fantastic library that has no dependencies and works in all versions of php. The documentation takes a "cookbook" approch which works really well for me.

The real genius to this library is it makes no assumptions about your environment.
If a suitable native function doesn't exist, there is a pure php one to pick up the slack.
The following are implemented in pure php:

  • BigIntegers
  • RSA
  • SSH2
  • SFTP
  • X.509
  • Symmetric key encryption

    • AES
    • Rijndael
    • Twofish
    • Blowfish
    • DES
    • 3DES
    • RC4
    • RC2

    I'm amazed that someone loved this problem enough to do this much work on it and thankful he chose to open-source it.
    Terrafrost, if your ever able to make it to the Austin PHP Beverage Subgroup; (4th Wednesday) the drinks are on me guy.

     

Open Webalizer DNS cache with PHP

Problem:

Webalizer produces a cache file for DNS to speed up the process for resolving addresses to names but no utilities exist to browse this kind of file.

Background:

Webalizer is a log file analyser which can provide basic site usage stats by processing your apache log files. Its a standard utility in a RHEL envirnment. One feature of it is caching DNS information to speed up resolving addresses for reporting purposes. It uses a Berkeley DB to store these key/value pairs for quick lookup. Unfortunatly there really arn’t an gui tools for getting a look at this data. On my machine, its a 70MB file and I’d really like to get a look at that data.

So there are a couple of ways to do this.
MySQL comes with a bdb storage engine which can read this kind of file.

Or, you could use PHP and its driver to load this information.
I chose the latter.

Environment:
I’m starting with a base install of ubuntu 11 and zend server.
Using zend server makes the process more complicated but makes the process more standardized.  ZS uses the same paths for files on every OS it installs on.

Install dependent software.

Zend doesn’t come with this module by default, so we’ll need to compile it.
Make sure you’ve got the basics needed to compile under ubuntu installed.


aptitude install install build-essential checkinstall autoconf

Next we need to make sure that libdb4 is installed so we can reference it in php.

aptitude install libdb4.8-dev db4.8-util db4.8-doc libdb4.8

And finaly, we need the header files for zend server’s php.

sudo aptitude install php-5.3-source-zend-server

Sanity check – Lets make sure that the module isn’t installed.


php --ri dba
Extension 'dba' not present.

Great. Lets build it.


cd /usr/local/zend/share/php-source/php-5.3.9/ext/dba/
/usr/local/zend/bin/phpize
./configure --with-php-config=/usr/local/zend/bin/php-config --with-db4
make
make install
echo "extension=dba.so" > /usr/local/zend/etc/conf.d/dba.ini

lets check that again


php --ri dba
dba

DBA support => enabled
Supported handlers => gdbm cdb cdb_make db4 inifile flatfile

Directive => Local Value => Master Value
dba.default_handler => flatfile => flatfile

Done. We can now access the dba functions from the command line.
They’ll also get picked up by apache the next time you restart.

Build a quick script to read the dns cache and output it as a comma separated list.


<?php
/**
* Requires the dba module be enabled with db4 support.
*/
$path = dirname(__FILE__) . '/dns_cache.db';
$logPath = $path . '.txt';
echo 'Loading ' . $path . chr(10);

$row = 0;
$h = dba_open($path,'r','db4');
$fh = fopen($logPath,'w+');

if(!$h){
echo 'Failed to open db';
die();
}

echo "Exporting Key/Values pairs...\n";
$key = dba_firstkey($h);
$value = dba_fetch($key,$h);
$value = filter_var($value,FILTER_SANITIZE_URL);
$key = filter_var($key,FILTER_SANITIZE_URL);
fwrite($fh, "$key,$value\n");
$row++;

while($key = dba_nextkey($h)){
$value = dba_fetch($key,$h);
$value = filter_var($value,FILTER_SANITIZE_URL);
$key = filter_var($key,FILTER_SANITIZE_URL);
fwrite($fh, "$key,$value\n");
$row++;
}
echo "Printed $row key/value pairs." . chr(10);
echo 'Done' . chr(10);
dba_close($h);

I called my script test.php.
Then run it from the command line.


php -r ./test.php

Loading /home/{MASKED}/dns_cache.db
Exporting Key/Values pairs...
Printed 703268 key/value pairs.
Done

Not sure if this is the best way to get at this data but its the route I chose and it worked.
Your mileage may vary.

Firmware file “b43legacy/ucode4.fw” not found or load failed.

Getting the wireless to work on a Dell Latitude D600 under ubuntu or debian is a pain.

Problem:

The network manager under gnome says ‘firmware missing or not installed’.
and “sudo dmesg | grep ERROR” returns a message like


b43legacy-phy3 ERROR: Firmware file "b43legacy/ucode4.fw" not found or load failed.
b43legacy-phy3 ERROR: You must go to http://linuxwireless.org/en/users/Drivers/b43#devicefirmware and download the correct firmware (version 3).

Solution:

Go here:
http://linuxwireless.org/en/users/Drivers/b43#Ubuntu.2FDebian and download the ‘b43legacy’

sudo su
cd ~
wget http://downloads.openwrt.org/sources/wl_apsta-3.130.20.0.o

Install the b43-fwcutter utility.

apt-get install b43-fwcutter

Use the utility to extract the firmware.


b43-fwcutter ./wl_apsta-3.130.20.0.o

This will create a directory in the current directory with the firmware files. It will be called “b43legacy”.

Move the folder into your /lib/firmware directory and reboot and you should find the firmware needed by your wireless card.


mv ./b43legacy /lib/firmware/
reboot

And enjoy wifi goodness on your linux powered laptop.