CVS
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
harmless example, the injected script code displays a JavaScript alert
window. However, an attacker could also use this vulnerability to steal
the session data of PHP APC administrators within the domain in which
apc.php is served, as well as mount any other attack that cross site
scripting allows for.
This issue has been fixed in PHP APC CVS.
http://cvs.php.net/viewvc.cgi/pecl/apc/apc.php?r1=3.73&r2=3.74
Report by Moritz Naumann, Naumann IT Consulting & Services, Berlin, Germany.
libtiff <= 3.8.2, <= 3.9 (stable), <= 4.0 (development)
Fixed version:
libtiff, N/A (patch has been made available and it's expected to be committed
to libtiff CVS)
Credit: vulnerability report and PoC code received from Tielei Wang <wangtielei
[at] icst [dot] pku [dot] edu [dot] cn>, ICST-ERCIS.
CVE: CVE-2009-2347
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
The rdesktop maintainer has addressed this vulnerability with CVS
revision 1.20 of iso.c. For more information, visit the following URL.
http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?annotate=1.20&diff_format=h&pathrev=HEAD#l101
VII. CVE INFORMATION
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
The rdesktop maintainer has addressed this vulnerability with CVS
revision 1.162 of rdesktop.c. For more information, visit the following
URL.
http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdesktop.c?view=diff&pathrev=HEAD&r1=text&tr1=1.162&r2=text&tr2=1.118&diff_format=h#l1134
6) Time Table
05/11/2008 - Vendor notified.
10/11/2008 - Vendor response.
14/11/2008 - Vendor informs that fixes are ready and will be uploaded
to CVS on the agreed disclosure date.
19/11/2008 - Public disclosure.
======================================================================
7) Credits
example exploit:
error_log("<?php phpinfo(); ?>", 0);
- --- 2. How to fix ---
Fixed in CVS
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup
Note:
Do not rely on safe_mode as your main safety mechanism.
Solution:
A fix for the issue mentioned in this advisory can be found in the
public e107 CVS repository, or accessed directly at the link below.
http://e107.cvs.sourceforge.net/e107/e107_0.7/download.php?r1=1.95&r2=1.96&view=patch&pathrev=MAIN
JavaScript with:
http://localhost/Owl/register.php?myaction=getpasswd&username="><script>alert(1);</script>
Workaround/Fix:
Replace your owl.lib.php with the version from
http://owl.cvs.sourceforge.net/*checkout*/owl/owl-0.90/lib/owl.lib.php
Disclosure Timeline:
2008-07-27 Vendor contacted
2008-07-28 Vendor: fixed issue in cvs / no need for new stable release
2008-07-28 Advisory published
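Both the apc.php finding and the Owl register.php finding above are the same reflected cross site scripting pattern: a request parameter is written back into an HTML attribute without output encoding, so the `"><script>alert(1);</script>` payload closes the attribute and injects markup. The following is an added example, not code from APC, Owl or any of the advisories on this page; the function names and the form markup are hypothetical, and the payload is the URL-decoded form of the Owl PoC above.

```php
<?php
// Added example (hypothetical code, not Owl's register.php or APC's apc.php):
// the vulnerable reflection pattern beside its hardened form.

// Vulnerable: the username is concatenated straight into an attribute value.
function render_form_vulnerable(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES encodes both
// double and single quotes, so the attacker cannot close the attribute;
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning into an empty string, and
// the explicit charset avoids encoding-mismatch tricks.
function render_form_fixed(string $username): string
{
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $safe . '">';
}

// Constructed input: the Owl PoC payload as PHP would receive it in
// $_GET['username'] after URL decoding.
$payload = '"><script>alert(1);</script>';

echo "Vulnerable:\n", render_form_vulnerable($payload), "\n\n";
echo "Fixed:\n", render_form_fixed($payload), "\n";

// Check a reviewer can keep in a test suite: the hardened output must not
// contain an unencoded tag, and the quote that would close the attribute
// must have been encoded.
$fixed = render_form_fixed($payload);
assert(strpos($fixed, '<script') === false);
assert(strpos($fixed, '&quot;&gt;&lt;script&gt;') !== false);
```

Run it with `php example.php`: the vulnerable line renders as `<input type="text" name="username" value=""><script>alert(1);</script>">`, which is exactly the attribute break the advisories describe, while the fixed line keeps the whole payload inside the attribute as `&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;`. The encoding has to happen at the point of output, for the context being written to (attribute here); the same string would need JavaScript or URL encoding if it were placed in a script block or a `href`.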
included in the 3.0.4, 3.1.4, 2.22.4, and 2.20.6 releases. Upgrading
to these releases will protect installations from possible exploits of
these issues.
Full release downloads, patches to upgrade Bugzilla from previous
versions, and CVS upgrade instructions are available at:
http://www.bugzilla.org/download/
Credits
#
Now /www/about.ini is empty.
- --- 2. How to fix ---
Fixed in CVS
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&
- --- 3. Greets ---
sp3x p_e_a Infospec schain
We fixed this issue in the current CVS HEAD of OpenCms. The fix will be included in the next public release of OpenCms.
Thanks for improving security of OpenCms.
caller and current environment.
Remediation
-----------
This bug was patched in CVS, patching all three object types.
Further details can be found at http://bugs.python.org/issue2587
and http://svn.python.org/view?rev=62271&view=rev and
http://svn.python.org/view?rev=62272&view=rev
Solution:
---------
* Upgrade to the latest version of JSFTemplating, v1.2.11 has the fix:
http://download.java.net/maven/1/com.sun.jsftemplating/jars/
CVS commit logs with some information regarding new security features can be
found here:
https://jsftemplating.dev.java.net/servlets/BrowseList?listName=cvs&by=date&from=2009-08-01&to=2009-08-31&first=1&count=16
* Upgrade to the latest version of Mojarra Scales, v1.3.2 has the fix:
execute arbitrary code.
Background
==========
Subversion is a versioning system designed to be a replacement for CVS.
Affected packages
=================
-------------------------------------------------------------------
Patches and Workaround:
Patches are provided for OpenBSD 4.3, 4.4, 4.5 (upcoming, to be released on 1 May)
and OpenBSD-current (via CVS only), and are available at the errata website.
The developers also provide hints for a workaround on the errata website.
Kind regards,
Where: Remote
======================================================================
3) Vendor's Description of Software
"ViewVC is a browser interface for CVS and Subversion version control
repositories. It generates templatized HTML to present navigable
directory, revision, and change log listings. It can display specific
versions of files as well as diffs between those versions."
Product Link:
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
The rdesktop maintainer has addressed this vulnerability with CVS
revision 1.102 of rdp.c. For more information, visit the following URL.
http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/rdp.c?annotate=1.102&pathrev=HEAD#l1337
VII. CVE INFORMATION
- --- 2. Exploit ---
SecurityReason will not publish an official exploit for this issue.
- --- 3. How to fix ---
CVS
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup
- --- 4. Greets ---
sp3x Infospec p_e_a Chujwamwdupe schain and Stanislav Malyshev (Patch)
Workaround/Fix
Update to 1.8.4.
Disclosure Timeline
2007-01-08 Vendor contacted
2007-01-08 Vendor fixed cvs
2007-01-11 Vendor released 1.8.4
CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2008-0123 to this issue. This is a candidate for inclusion in the CVE
The fix for this issue is included in the 3.3.3, 3.2.2, and 3.0.8
releases. Upgrading to a release with the relevant fix will protect
your installation from possible exploits of this issue.
Full release downloads, patches to upgrade Bugzilla from previous
versions, and CVS upgrade instructions are available at:
http://www.bugzilla.org/download/
Credits