Skip to content

Commit

Permalink
Importing system enviroment in v-change-user-password
Browse files Browse the repository at this point in the history 
Thanks to @ScIT-Raphael for discovering this bug
  • Loading branch information
@dpeca
dpeca committed Apr 11, 2020
1 parent cc8a3e0 commit cfc46bb
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions bin/v-change-user-password
View file
Expand Up @@ -13,6 +13,10 @@
user=$1 user=$1
password=$2; HIDE=2 password=$2; HIDE=2


# Importing system enviroment as we run this script
# mostly by cron wich not read it by itself
source /etc/profile

# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
Expand Down

3 comments on commit cfc46bb

@Skamasle
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi

Why not add this just in main.sh ?
Maybe in orther site we have some bug related

And I suppose this bug affect only debian / ubuntu ?

@ScIT-Raphael
Copy link

@ScIT-Raphael ScIT-Raphael commented on cfc46bb Apr 12, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And I suppose this bug affect only debian / ubuntu ?

The security fix was for our fork, hestiacp/hestiacp@63931b6, which currently runs on ubuntu or debian only, so I can't answer your question. We got informed from Orange Cyberdefense Team (https://cyberdefense.orange.com/), which pointed us to the issue - probaly CentOS is also affected.

@dpeca
Copy link
Collaborator Author

@dpeca dpeca commented on cfc46bb Jun 23, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com

Please sign in to comment.