
List:       oss-security
Subject:    Re: [oss-security] Cacti XSS fixes in 0.8.7g
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-07-26 19:20:09
Message-ID: 1809296454.1554981280172009597.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Sorry for the delay. IDs inline.


----- "Tomas Hoger" <thoger@redhat.com> wrote:

> Hi!
> 
> Cacti 0.8.7g was released some days ago:
>   http://cacti.net/release_notes_0_8_7g.php
> 
> Release notes mention a couple of security issues previously fixed in
> (withdrawn) 0.8.7f, but adds new protections against a couple of XSS
> issues.
> 
> 
> "XSS 4" from CVE-2009-4032 was not fixed previously:
>   https://bugzilla.redhat.com/show_bug.cgi?id=541279#c17
> 
> Fixed in include/top_graph_header.php change in:
>   http://svn.cacti.net/viewvc?view=rev&revision=6025

Use CVE-2010-2543

> 
> 
> Search pattern in log file viewer was not filtered for bad characters,
> or escaped before echoing pattern back to page:
>   https://bugzilla.redhat.com/show_bug.cgi?id=459105
> 
> Possible victims are administrative users with access to log viewer
> page.  Fixed in r6025, which adds escaping to other search patterns
> too, but others were filtered previously.

Use CVE-2010-2544

> 
> 
> Multiple persistent XSS via various item names or descriptions.
> Attacker needs to have certain administrative privileges, so this is
> a fairly lame issue.
>   https://bugzilla.redhat.com/show_bug.cgi?id=459229
> 
> Originally discovered for template names, where template XML import
> provides additional vector (trusted admin tricked to import untrusted
> template vs. untrusted admin).  HTML escaping added in various places
> in r6037, r6038, r6041 and r6042.
> 

Use CVE-2010-2545

Thanks.

-- 
    JB
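
The fix pattern named in the thread above (HTML escaping at output, for both the echoed search pattern and stored item names), as an added PHP example. It is not Cacti's code and not part of the original messages; the function names and sample strings are constructed for illustration.

```php
<?php
// Hypothetical helper names; this is NOT Cacti's code.

// Output escaping for HTML text and quoted attribute values.
// ENT_QUOTES matters here: a search pattern is typically echoed
// back inside value="...", so quotes must be encoded as well as < > &.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the pattern is echoed back exactly as received
// (the reflected case described for the log viewer).
function filter_box_unescaped(string $pattern): string {
    return '<input type="text" name="filter" value="' . $pattern . '">';
}

// After: same markup, with the pattern escaped at the point of output.
function filter_box_escaped(string $pattern): string {
    return '<input type="text" name="filter" value="' . h($pattern) . '">';
}

// Stored case: a name read from the database or from an imported
// template is escaped when rendered, regardless of who wrote it.
function name_cell(string $stored_name): string {
    return '<td>' . h($stored_name) . '</td>';
}

// Constructed sample inputs (harmless markup, enough to show the break-out).
$pattern = '"><b>x</b>';
$name    = '<i>template</i> & co';

// The unescaped form lets the pattern close the attribute and add markup;
// the escaped forms keep it as inert text.
echo filter_box_unescaped($pattern), "\n";
echo filter_box_escaped($pattern), "\n";
echo name_cell($name), "\n";
```

Escaping at output covers the template-import vector as well, since it does not depend on how the stored value reached the database.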