Skip to content

Commit f7430b1

Browse files
AshishworksAshishworks
committed
Fix Windows Docker setup by enforcing LF line endings
1 parent 0318583 commit f7430b1

3 files changed

Lines changed: 78 additions & 67 deletions

File tree

.gitattributes

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1,12 @@
1-
.VERSION export-subst
1+
.VERSION export-subst
2+
3+
# Force LF line endings to avoid Windows CRLF breaking Docker/Linux shebangs
4+
* text=auto eol=lf
5+
6+
*.py text eol=lf
7+
*.sh text eol=lf
8+
Dockerfile text eol=lf
9+
Makefile text eol=lf
10+
*.yml text eol=lf
11+
*.yaml text eol=lf
12+
*.env text eol=lf

docs/make.bat

Lines changed: 35 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -1,35 +1,35 @@
1-
@ECHO OFF
2-
3-
pushd %~dp0
4-
5-
REM Command file for Sphinx documentation
6-
7-
if "%SPHINXBUILD%" == "" (
8-
set SPHINXBUILD=sphinx-build
9-
)
10-
set SOURCEDIR=source
11-
set BUILDDIR=build
12-
13-
if "%1" == "" goto help
14-
15-
%SPHINXBUILD% >NUL 2>NUL
16-
if errorlevel 9009 (
17-
echo.
18-
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
19-
echo.installed, then set the SPHINXBUILD environment variable to point
20-
echo.to the full path of the 'sphinx-build' executable. Alternatively you
21-
echo.may add the Sphinx directory to PATH.
22-
echo.
23-
echo.If you don't have Sphinx installed, grab it from
24-
echo.http://sphinx-doc.org/
25-
exit /b 1
26-
)
27-
28-
%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
29-
goto end
30-
31-
:help
32-
%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
33-
34-
:end
35-
popd
1+
@ECHO OFF
2+
3+
pushd %~dp0
4+
5+
REM Command file for Sphinx documentation
6+
7+
if "%SPHINXBUILD%" == "" (
8+
set SPHINXBUILD=sphinx-build
9+
)
10+
set SOURCEDIR=source
11+
set BUILDDIR=build
12+
13+
if "%1" == "" goto help
14+
15+
%SPHINXBUILD% >NUL 2>NUL
16+
if errorlevel 9009 (
17+
echo.
18+
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
19+
echo.installed, then set the SPHINXBUILD environment variable to point
20+
echo.to the full path of the 'sphinx-build' executable. Alternatively you
21+
echo.may add the Sphinx directory to PATH.
22+
echo.
23+
echo.If you don't have Sphinx installed, grab it from
24+
echo.http://sphinx-doc.org/
25+
exit /b 1
26+
)
27+
28+
%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
29+
goto end
30+
31+
:help
32+
%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
33+
34+
:end
35+
popd

vulnerabilities/tests/test_data/fireeye/fireeye_test3.md

Lines changed: 31 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -1,31 +1,31 @@
1-
# MNDT-2023-0017
2-
3-
The IBM Personal Communications (PCOMM) application 13.0.0 and earlier caused a user's plaintext password to be written to the `C:\Temp\pcsnp_init.log` file when re-connection was made through a remote desktop protocol.
4-
5-
## Common Weakness Enumeration
6-
CWE-312: Cleartext Storage of Sensitive Information
7-
8-
## Impact
9-
High - An attacker with low-privilege access to a host with IBM PCOMM could recover the plaintext password of another user.
10-
11-
## Exploitability
12-
Low - Exploitability varies depending on the environment in which IBM PCOMM is installed. Mandiant identified this vulnerability when conducting independent security research for a client that used Citrix to connect to shared Windows Server instances. In certain environments where remote desktop is used to connect to shared hosts with IBM PCOMM installed, the exploitability is greatly increased.
13-
14-
## CVE Reference
15-
CVE-2016-0321 - scope expanded
16-
17-
## Technical Details
18-
While conducting independent security research, Mandiant identified a plaintext Active Directory password stored within the `C:\Temp\pcsnp_init.log` file. The affected host had IBM PCOMM version 13.0.0 installed and was used by multiple users who connected with Citrix. Upon a user connecting, disconnecting, and connecting again, the user's plaintext password was stored in the `C:\Temp\pcsnp_init.log` file.
19-
20-
## Discovery Credits
21-
- Adin Drabkin, Mandiant
22-
- Matthew Rotlevi, Mandiant
23-
24-
## Disclosure Timeline
25-
- 2023-09-26 - Issue reported to the vendor.
26-
- 2023-11-03 - The vendor updated the security bulletin for CVE-2016-0321 to include all known affected and fixed versions.
27-
28-
## References
29-
- [IBM Security Bulletin](https://www.ibm.com/support/pages/security-bulletin-ibm-personal-communications-could-allow-remote-user-obtain-sensitive-information-including-user-passwords-allowing-unauthorized-access-cve-2016-0321)
30-
- [IBM Personal Communications](https://www.ibm.com/support/pages/ibm-personal-communications)
31-
- [Mitre CVE-2016-0321](https://www.cve.org/CVERecord?id=CVE-2016-0321)
1+
# MNDT-2023-0017
2+
3+
The IBM Personal Communications (PCOMM) application 13.0.0 and earlier caused a user's plaintext password to be written to the `C:\Temp\pcsnp_init.log` file when re-connection was made through a remote desktop protocol.
4+
5+
## Common Weakness Enumeration
6+
CWE-312: Cleartext Storage of Sensitive Information
7+
8+
## Impact
9+
High - An attacker with low-privilege access to a host with IBM PCOMM could recover the plaintext password of another user.
10+
11+
## Exploitability
12+
Low - Exploitability varies depending on the environment in which IBM PCOMM is installed. Mandiant identified this vulnerability when conducting independent security research for a client that used Citrix to connect to shared Windows Server instances. In certain environments where remote desktop is used to connect to shared hosts with IBM PCOMM installed, the exploitability is greatly increased.
13+
14+
## CVE Reference
15+
CVE-2016-0321 - scope expanded
16+
17+
## Technical Details
18+
While conducting independent security research, Mandiant identified a plaintext Active Directory password stored within the `C:\Temp\pcsnp_init.log` file. The affected host had IBM PCOMM version 13.0.0 installed and was used by multiple users who connected with Citrix. Upon a user connecting, disconnecting, and connecting again, the user's plaintext password was stored in the `C:\Temp\pcsnp_init.log` file.
19+
20+
## Discovery Credits
21+
- Adin Drabkin, Mandiant
22+
- Matthew Rotlevi, Mandiant
23+
24+
## Disclosure Timeline
25+
- 2023-09-26 - Issue reported to the vendor.
26+
- 2023-11-03 - The vendor updated the security bulletin for CVE-2016-0321 to include all known affected and fixed versions.
27+
28+
## References
29+
- [IBM Security Bulletin](https://www.ibm.com/support/pages/security-bulletin-ibm-personal-communications-could-allow-remote-user-obtain-sensitive-information-including-user-passwords-allowing-unauthorized-access-cve-2016-0321)
30+
- [IBM Personal Communications](https://www.ibm.com/support/pages/ibm-personal-communications)
31+
- [Mitre CVE-2016-0321](https://www.cve.org/CVERecord?id=CVE-2016-0321)

0 commit comments

Comments
 (0)