Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 6 Mar 2012 13:40:48 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: smokeping XSS

* [2012-02-27 20:26:05 +0100] Florian Weimer wrote:

>* Vincent Danen:
>
>> https://bugzilla.redhat.com/show_bug.cgi?id=783584
>
>Is the patch
>
>https://bugzilla.redhat.com/attachment.cgi?id=556619
>
>really correct?  It does not strip the two magic characters "=
>(" should be enough, = is just defensive), so it's probably still
>possible to inject an onmouseover handler and CSS which enlarges the
>affected HTML element so that the handler is practically guaranteed to
>fire.
>
>I've just looked at the patch, I haven't got a (patched or unpatched)
>smokeping instance to test this.

Sorry, slowly catching up on mails here.

Whether that is right or wrong, I'm not 100% sure; you'd have to ask
upstream.  I just did the diff since I couldn't find a svn/git repo web
interface to generate a patch, so if it's wrong, then upstream has got
it wrong as well.

I see that Fedora has used a patch (not sure if it's the same or not),
so if I get a chance in the next few days I'll try the new version to
try to validate the fix.

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ