Date: Wed, 04 Jan 2012 14:08:49 -0700
From: Kurt Seifried <kseifrie@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Mühlenhoff <jmm@...til.org>, Craig Barratt <cbarratt@...rs.sourceforge.net>, cve-assign@...re.org, security@...ntu.com
Subject: Re: CVE Request: Security issue in backuppc

On 01/03/2012 02:21 PM, Kurt Seifried wrote:
> On 01/03/2012 12:55 PM, Moritz Mühlenhoff wrote:
>> On Thu, Oct 27, 2011 at 04:00:48PM -0500, Jamie Strandboge wrote:
>>> Hi Craig,
>>>
>>> While preparing updates to fix CVE-2011-3361 in Ubuntu I discovered
>>> another XSS vulnerability in View.pm when accessing the following URLs
>>> in backuppc:
>>> index.cgi?action=view&type=XferLOG&num=<XSS here>&host=<some host>
>>> index.cgi?action=view&type=XferErr&num=<XSS here>&host=<some host>
>>>
>>> You are being emailed as the upstream contact. Please keep
>>> oss-security@...ts.openwall.com CC'd for any updates on this issue.
>>>
>>> To oss-security, can I have a CVE for this? It is essentially the same
>>> vulnerability and fix as for CVE-2011-3361, but in CGI/View.pm instead
>>> of CGI/Browse.pm. Attached is a patch to fix this issue. Tested on
>>> 3.0.0, 3.1.0, 3.2.0 and 3.2.1.
>> *ping*
>>
>> This hasn't ended up in a CVE assignment.
>>
>> Cheers,
>> Moritz
> I believe as per ADT4 these issues should be merged into the existing
> CVE-2011-3361:
>
> ADT4:
>

As Steve has pointed out, this was incorrect (different researcher found
the second vuln).

So the previous issue: CVE-2011-3361 is related to "Ensure $num is
numeric in lib/BackupPC/CGI/Browse.pm to avoid XSS attack."

=====================

For this new issue please use CVE-2011-4923 which covers:

View.pm XSS vulnerabilities exploited via urls such as:
index.cgi?action=view&type=XferLOG&num=<XSS here>&host=<some host>
index.cgi?action=view&type=XferErr&num=<XSS here>&host=<some host>

Sorry for the mess.

-- 
-- Kurt Seifried / Red Hat Security Response Team
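The fix the thread describes for both CVEs ("ensure $num is numeric") shown as an added Perl example; this is illustrative code written for this page, not BackupPC's own View.pm or Browse.pm, and the parameter hash, the render_unsafe/render_safe handlers and the html_escape helper are assumed names:

```perl
#!/usr/bin/perl
# Added example (not BackupPC's code): the reflected-XSS pattern behind
# CVE-2011-3361 / CVE-2011-4923 beside the hardened form. The fix is to
# reject any "num" that is not a plain backup number, with HTML escaping
# of whatever else is echoed back as defence in depth.
use strict;
use warnings;

# Constructed request parameters, as a CGI script would receive them from
# index.cgi?action=view&type=XferLOG&num=...&host=...
my %param = (
    action => 'view',
    type   => 'XferLOG',
    num    => '<b>not a number</b>',   # untrusted, user-controlled value
    host   => 'backup-client-01',
);

# Vulnerable pattern: the raw parameter is interpolated straight into HTML.
sub render_unsafe {
    my ($p) = @_;
    return "<h1>Log $p->{type} #$p->{num} for $p->{host}</h1>\n";
}

# Hardened pattern: accept only ASCII digits. \A and \z are used instead of
# ^ and $ because $ would also accept a trailing newline.
sub validate_num {
    my ($num) = @_;
    return undef unless defined $num && $num =~ /\A[0-9]+\z/;
    return $num + 0;                   # now a plain integer
}

sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
    return $s;
}

sub render_safe {
    my ($p) = @_;
    my $num = validate_num($p->{num});
    return "<h1>Error: invalid backup number</h1>\n" unless defined $num;
    return sprintf("<h1>Log %s #%d for %s</h1>\n",
                   html_escape($p->{type}), $num, html_escape($p->{host}));
}

print "unsafe: ", render_unsafe(\%param);   # markup is reflected verbatim
print "safe:   ", render_safe(\%param);     # request is rejected
$param{num} = '42';
print "safe:   ", render_safe(\%param);     # a real backup number renders
```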