[QGIS-Developer] Potential vulnerabilities
nadiaspit
nadia.spitilli at gmail.com
Sat Feb 1 10:33:30 PST 2020
Hi,
I am a student in the Cybersecurity Master's program at the University of Pisa. My final
project work is about a security test of an installation of QGIS Server +
Lizmap Web Client.
On a first analysis, I found out that Lizmap Web Client is vulnerable to
"Buffer overflow attack"
https://www.owasp.org/index.php/Buffer_overflow_attack
The problem:
"Potential Buffer Overflow. The script closed the connection and threw a 500
Internal Server Error"
The solution:
"Rewrite the background program using proper return length checking. This
will require a recompile of the background executable."
Here you can view the report:
<https://drive.google.com/file/d/12s-akDIr9s127kw6MSYKRp1ph29gY_u3/view?usp=sharing>
I also posted this question to the Lizmap Web Client GitHub: Is Buffer Overflow
vulnerability a false positive for Lizmap web client?
They suggested asking this group.
Any help would be much appreciated.
Kind Regards,
Nadia Spitilli
--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-Developer-f4099106.html