lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 20 Jan 2016 13:37:34 GMT
From: bugtraq@...ernetwache.org
To: bugtraq@...urityfocus.com
Subject: [CVE-2016-1926] XSS in Greenbone Security Assistant &#8805; 6.0.0
 and < 6.0.8

Hello, 

Vulnerability information
===============
Date: 13th January 2016
Product: Greenbone Security Assistant &#8805; 6.0.0 and < 6.0.8
Vendor: OpenVAS <http://www.openvas.org/>
Risk: Low, CVSS 1.9 (AV:A/AC:M/Au:M/C:P/I:N/A:N) 

Description
===============
It has been identified that Greenbone Security Assistant (GSA) is vulnerable to cross site scripting due to a improper handling of the parameters of the get_aggregate command. Given the attacker has access to a session token of the browser session, the cross site scripting can be executed. OpenVAS-7 is not affected. 

Fix
===============
OpenVAS recommends that the publicly available patches are applied. If building from source, then patches r24056 (for Greenbone Security Assistant 6.0.x of OpenVAS-8) should be obtained from the OpenVAS SVN repository. For trunk (beta status of OpenVAS-9) this was solved with r24055.

A fresh tarball containing the latest stable release of Greenbone Security Assistant 6.0 (OpenVAS-8) can be obtained from:

    http://wald.intevation.org/frs/download.php/2283/greenbone-security-assistant-6.0.8.tar.gz

In the event that OpenVAS has been supplied as part of a distribution then the vendor or organisation concerned should be contacted for a patch. 

Full advisory
===============
See [1].

Timeline
===============
- 07.01.2016: XSS discovered and reported to vendor.
- 08.01.2016, 08:00: Acknowledgement from vendor and info that fix is already in progress.
- 08.01.2016, 17:30: Fix ready, QA and testing needed
- 09.01.2016: Update released for Greenbone Security Manager: Advisory GBSA 2016-01 [2]
- 13.01.2016: Update released OpenVAS: Advisory OVSA 20160113 [1]
- 18.01.2016: CVE-2016-1926 assigned by MITRE
- 20.01.2016: Blogpost released [3]

References
===============
- [1] http://www.openvas.org/OVSA20160113.html
- [2] http://www.greenbone.net/technology/gbsa2016-01.html
- [3] https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016/

Regards,
Sebastian Neef

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ