List: oss-security
Subject: Re: [oss-security] Cacti XSS fixes in 0.8.7g
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-07-26 19:20:09
Message-ID: 1809296454.1554981280172009597.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Sorry for the delay. IDs inline.
----- "Tomas Hoger" <thoger@redhat.com> wrote:
> Hi!
>
> Cacti 0.8.7g was released some days ago:
> http://cacti.net/release_notes_0_8_7g.php
>
> Release notes mention a couple of security issues previously fixed in
> (withdrawn) 0.8.7f, but adds new protections against a couple of XSS
> issues.
>
>
> "XSS 4" from CVE-2009-4032 was not fixed previously:
> https://bugzilla.redhat.com/show_bug.cgi?id=541279#c17
>
> Fixed in include/top_graph_header.php change in:
> http://svn.cacti.net/viewvc?view=rev&revision=6025
Use CVE-2010-2543
>
>
> Search pattern in log file viewer was not filtered for bad characters,
> or escaped before echoing pattern back to page:
> https://bugzilla.redhat.com/show_bug.cgi?id=459105
>
> Possible victims are administrative users with access to log viewer
> page. Fixed in r6025, which adds escaping to other search patterns
> too, but others were filtered previously.
Use CVE-2010-2544
>
>
> Multiple persistent XSS via various item names or descriptions.
> Attacker needs to have certain administrative privileges, so this is
> a fairly lame issue.
> https://bugzilla.redhat.com/show_bug.cgi?id=459229
>
> Originally discovered for template names, where template XML import
> provides additional vector (trusted admin tricked to import untrusted
> template vs. untrusted admin). HTML escaping added in various places
> in r6037, r6038, r6041 and r6042.
>
Use CVE-2010-2545
Thanks.
--
JB
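
The log viewer issue described in the quoted message (a search pattern echoed back to the page without escaping), shown with the unescaped field beside the escaped one. This is an added example, not Cacti's code and not part of the original post; the function names, the sample pattern and the log lines are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Cacti source. All function names are hypothetical.

// Escape untrusted text for HTML body and quoted-attribute contexts.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the search pattern is echoed back verbatim into the page.
function filter_field_unescaped(string $filter): string {
    return '<input type="text" name="filter" value="' . $filter . '">';
}

// "After": the same field with the pattern escaped at output time.
function filter_field_escaped(string $filter): string {
    return '<input type="text" name="filter" value="' . h($filter) . '">';
}

// Log lines are treated as untrusted too (an assumption of this example),
// so each matching line is escaped before it is written into the page.
function render_log_view(array $lines, string $filter): string {
    $out = "<form>" . filter_field_escaped($filter) . "</form>\n<pre>\n";
    foreach ($lines as $line) {
        if ($filter === '' || stripos($line, $filter) !== false) {
            $out .= h($line) . "\n";
        }
    }
    return $out . "</pre>\n";
}

// Constructed sample input: a pattern and a log line containing markup.
$filter = '"><b>probe</b>';
$lines  = [
    '07/26/2010 12:00:01 - POLLER: Poller[0] constructed sample entry',
    '07/26/2010 12:00:02 - CMDPHP: template "><b>probe</b> imported',
];

echo "unescaped: ", filter_field_unescaped($filter), "\n";
echo "escaped:   ", filter_field_escaped($filter), "\n\n";
$page = render_log_view($lines, $filter);
echo $page;

// Self-check: no markup from the pattern or the log survives in the page.
if (strpos($page, '<b>') !== false) {
    fwrite(STDERR, "raw markup reached the page\n");
    exit(1);
}
```

In the unescaped field the quote in the pattern closes the `value` attribute and the rest is parsed as markup; in the escaped field the same characters arrive as `&quot;`, `&gt;` and `&lt;` and stay inside the attribute.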