lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 3 Dec 2005 09:52:46 +0800
From: Louis Wang <bill.louis@...il.com>
To: Daniel Bertrand <danb@...urityfocus.com>,
	bugtraq@...urityfocus.com
Subject: Re: WebCalendar


Hi, Dan:

For some vulnerability has fixed by the vendor, I have update this
vulnerability advisory, sorry for any trouble I have caused to you.


The following is the updated advisory.:

===================================================
WebCalendar CRLF Injection Vulnerability

I. BACKGROUND
WebCalendar is a PHP application used to maintain a calendar for one
or more persons and for a variety of purposes.

II. DESCRIPTION
CRLF injection vulnerability in WebCalendar layers_toggle.php allows
remote attackers to inject false HTTP headers into an HTTP request,
via a URL containing encoded carriage return, line feed, and other
whitespace characters.

III. PUBLISH DATE
Publish Date: 2005-12-1
Update Date: 2005-12-2

IV. AUTHOR
lwang (lwang at lwang dot org)

V. AFFECTED SOFTWARE
WebCalendar version 1.0.1 and 1.1.0 are affected. Older versions are
not verified.

VI. ANALYSIS
in layers_toggle.php, parameter $ret does not validation.
if ( empty ( $error ) ) {
// Go back to where we where if we can figure it out.
if ( strlen ( $ret ) )
do_redirect ( $ret );
else if ( ! empty ( $HTTP_REFERER ) )
do_redirect ( $HTTP_REFERER );
else
send_to_preferred_view ();

Proof of Concept:
http://victim/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_to]


VII. SOLUTION
Input validation will fix the bug.

VIII. ADVISORY
http://vd.lwang.org/webcalendar_crlf_injection.txt

VIII. REFERENCE
http://www.k5n.us/webcalendar.php






On 12/2/05, Daniel Bertrand <danb@...urityfocus.com> wrote:
>
> Hi,
>
> What is the vendor web site for this application? I need this information
> to write up this BID.
>
> Regards,
>
> Dan B.
>
>
>
>



--
Regards,
Bill Louis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ