Date: Thu, 26 Jan 2012 10:15:27 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Christian Boltz <oss-securrity@...ltz.de>
Subject: Re: CVE request: PostfixAdmin SQL injections and XSS

On 01/26/2012 04:07 AM, Christian Boltz wrote:
> Hello,
>
> we (the upstream PostfixAdmin developers) received a report about SQL
> injections and XSS in PostfixAdmin.
>
> Please assign a CVE number to those issues.
>
> The issues are fixed in PostfixAdmin 2.3.5, which I'll release today or
> tomorrow.
>
>
> For reference, here's the changelog with all details:
>
> - fix SQL injection in pacrypt() (if $CONF[encrypt] == 'mysql_encrypt')
> - fix SQL injection in backup.php - the dump was not mysql_escape()d,
>   therefore users could inject SQL (for example in the vacation message)
>   which will be executed when restoring the database dump.
>   WARNING: database dumps created with backup.php from 2.3.4 or older might
>   contain malicious SQL. Double-check before using them!
> - fix XSS with $_GET[domain] in templates/menu.php and edit-vacation
> - fix XSS in some create-domain input fields
> - fix XSS in create-alias and edit-alias error message
> - fix XSS (by values stored in the database) in fetchmail list view,
>   list-domain and list-virtual
> - create-domain: fix SQL injection (only exploitable by superadmins)
> - add missing $LANG['pAdminDelete_admin_error']
> - don't mark mailbox targets with recipient delimiter as "forward only"
> - wrap hex2bin with function_exists() - PHP 5.3.8 has it as native function

So basically we have two sets of vulnerabilities: multiple SQL injections
and multiple XSS vulnerabilities, correct?

> Regards
>
> Christian Boltz

-- 
Kurt Seifried
Red Hat Security Response Team (SRT)
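The backup.php item in the quoted changelog (dump values emitted without escaping, so a stored vacation message is re-executed as SQL on restore) is illustrated below with an added, self-contained example. This is not PostfixAdmin's code: it uses Python and an in-memory SQLite database as a stand-in for the MySQL-specific mysql_escape() fix, the `vacation` table layout and the sample message are constructed, and the "escaped" variant quotes literals by doubling embedded single quotes.

```python
import sqlite3

# Constructed sample value: a vacation message that carries a quote and an
# extra statement. An unescaped dump copies it into the INSERT verbatim.
VACATION_MESSAGE = "Out of office'); CREATE TABLE injected_marker(x); --"


def make_source_db():
    """Constructed stand-in for the live 'vacation' table being backed up."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vacation (email TEXT, body TEXT)")
    db.execute("INSERT INTO vacation VALUES (?, ?)",
               ("user@example.com", VACATION_MESSAGE))
    return db


def sql_quote(value):
    """Standard SQL string literal: double every embedded single quote."""
    return "'" + str(value).replace("'", "''") + "'"


def dump_table(db, table, escape):
    """Emit INSERT statements for a table; escape=False mirrors the 2.3.4 bug."""
    quote = sql_quote if escape else (lambda v: "'" + str(v) + "'")
    rows = db.execute(f"SELECT * FROM {table}").fetchall()
    return "\n".join(
        f"INSERT INTO {table} VALUES ({', '.join(quote(v) for v in row)});"
        for row in rows
    )


def restore(dump):
    """Replay a dump into a fresh database, as a restore of backup.php output would."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vacation (email TEXT, body TEXT)")
    db.executescript(dump)
    return db


def restored_state(escape):
    """Return (stored vacation body, injected table present?) after dump and restore."""
    db = restore(dump_table(make_source_db(), "vacation", escape))
    body = db.execute("SELECT body FROM vacation").fetchone()[0]
    marker = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type='table' AND name='injected_marker'"
    ).fetchone()[0]
    return body, marker == 1
```

With `escape=False` the restore runs the embedded statement and truncates the message; with `escape=True` the message round-trips intact and nothing else is executed, which is also why the changelog warns that dumps from 2.3.4 or older should be inspected before being replayed.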