Date: Sat, 21 Jun 2014 15:16:23 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-sec <oss-security@...ts.openwall.com> Cc: team@...urity.debian.org, Eduard Bloch <edi@....de> Subject: Re: XSS vulnerability in apt-cacher-ng On ven., 2014-06-20 at 12:06 +0200, Eduard Bloch wrote: > Hello Security Team, > > I am sorry to report that one of my packages (with upstream hat on) has > an XSS attack vulnerability. The way for the attacker to exploit this is > to redirect the user's browser in a LAN to apt-cacher-ng server (which > address the attacker has to know) with a manipulated URL. Since the > location and TCP port of the cacher server are configurable, it's IMHO > not totally easy to find but is still a good attack vector with insider > knowledge. > > Here is the proposed fix: > > http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commitdiff;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad > > It simply doesn't show the path in the browser output, because it has no > value there. It only needs to be in the http status line in order to be > displayed in apt-get's messages, there is no need for users to visit > such an URL and see that message. > Hi, it seems there is an XSS vulnerability present in apt-cacher-ng. According to above text the issue looks minime, but I guess it still can do with a CVE, could one be allocated? Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ