Open Source and information security mailing list archives
Message-ID: <20060826001052.GQ5316@kainx.org>
Date: Fri, 25 Aug 2006 20:10:52 -0400
From: Michael Jennings <mej@...nx.org>
To: bugtraq@...urityfocus.com
Subject: Suggested Fix for CVE-2006-4299

References:
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4299
   http://www.securityfocus.com/bid/19654

Since the vendor appears to be asleep at the wheel, and Google turned
up nothing helpful, I've attempted my own fix for this vulnerability.
As I've found no exploit code to speak of, can anyone confirm that
this fix does indeed correct the issue?



tikiwiki-1.9.4-cve_2006_4299.patch:

diff -Nur -x '*.orig' -x '*.rej' tikiwiki-1.9.4/tiki-searchindex.php mezzanine_patched_tikiwiki-1.9.4/tiki-searchindex.php
--- tikiwiki-1.9.4/tiki-searchindex.php	2006-08-25 20:04:38.000000000 -0400
+++ mezzanine_patched_tikiwiki-1.9.4/tiki-searchindex.php	2006-08-25 20:04:25.000000000 -0400
@@ -22,7 +22,7 @@
 }
 
 if(isset($_REQUEST["highlight"]) && !empty($_REQUEST["highlight"])) {
-  $_REQUEST["words"]=$_REQUEST["highlight"];
+  $_REQUEST["words"]=htmlspecialchars($_REQUEST["highlight"]);
 }
 
 if ($feature_search_stats == 'y') {
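Review bot: The change on the `+` line sanitizes input at the point where `highlight` is copied into `$_REQUEST["words"]`, so it only covers requests that arrive via `highlight`; a request that supplies `words` directly never passes through `htmlspecialchars()` here, and whether it is escaped where it is rendered is not visible in this hunk. Escaping at the output site (wherever `words` is echoed into the page) would close both paths with one change, and if that is not practical, the same call should be applied to `$_REQUEST["words"]` when it is read directly. Note also that `htmlspecialchars()` is called with its default flags, which leave single quotes unescaped; if the value is ever emitted inside a single-quoted HTML attribute, pass `ENT_QUOTES` (`htmlspecialchars($_REQUEST["highlight"], ENT_QUOTES)`). Minor style point: `isset(...) && !empty(...)` on the context line is redundant, since `!empty()` already returns false for an unset key.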



Thanks,
Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej@...nx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "My shoes are too tight, but it doesn't matter because I have
  forgotten how to dance."
           -- Peter Jurasik (Ambassador Londo Mollari), "Babylon Five"
