| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Sep 2008 15:11:22 +0200
From: "security@...ns.com" <security@...ns.com>
To: full-disclosure@...ts.grok.org.uk
Subject: n.runs-SA-2008.007 - Cross-Site Scripting Filter
Evasion in various frameworks / applications
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.007 11-Sep-2008
________________________________________________________________________
Vendor: Various
Affected Products: Horde >= 3.1, <= 3.2.1
Popoon/Flux-CMS <= r22196
Secondary, affected versions:
Cake-PHP <= 1.2.x.x_18.08.2008 (nightly)
phpMyFAQ <= 2.5.0-dev (2008-08-18)
deluxeBB <= 1.2
emucms <= 0.3
SimpleSite <= 1.6.4
RevokeBB <= 1.0RC11_normal
TPLN <= 2.9
Logicoder <= r27
phour <= r106
MDPro <= 1.0821
noserub <= r784/0.6
and probably more
Vulnerability: Cross-Site Scripting Filter Evasion in various
frameworks / applications
CVE: CVE-2008-3824
oCERT: oCERT-2008-012
Risk: MEDIUM
________________________________________________________________________
Vendor communication:
2008/07/25 Bug found and PoC preparation
2008/07/26 Vulnerability report submitted via oCert online-form
2008/08/05 oCert confirmed the submission. oCert starts the
coordination of affected authors/vendors
2008/09/06 oCert informs all parties about the advisory release
date
2008/09/11 n.runs AG releases this advisory in coordination with
oCert
________________________________________________________________________
Overview:
The Horde project relies on code similar to Popoon's externalinput.php
to filter out potential XSS attacks on user-supplied input. Other
projects are using the same code base. Therefore this vulnerability
affects also the popular Cake-PHP framework. Hence, all users that
rely on the externalinput sanitization functionality are affected by
this vulnerability, as in addition to many other unrelated, open source
projects.
Description:
The XSS filter fails to fully sanitize the user data. In particular,
this filter fails to protect against a special character which
Microsoft Internet Explorer and Mozilla Firefox is interpreting it
as a valid space character.
Impact:
This circumstance allows to bypass the filter and to apply
Cross-Site Scripting.
Solution:
For detailed information about the fixes, follow the link in the
references section [1] of this document.
________________________________________________________________________
Credits:
Bug found by Alexios Fakos of n.runs AG.
Many thanks to Will Drewry of oCert team for the coordination and
professional communication.
________________________________________________________________________
References:
[1] http://www.ocert.org/advisories/ocert-2008-012.html
This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
Subscribe to the n.runs newsletter by signing up to:
http://www.nruns.com/newsletter_en.php
________________________________________________________________________
Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
security@...ns.com for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded.
In no event shall n.runs be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages, even if n.runs has been advised of the possibility of
such damages.
Copyright 2008 n.runs AG. All rights reserved. Terms of use apply.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists