control characters
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Ruby: Terminal Control Character Injection
Date: January 14, 2010
Bugs: #300468
ID: 201001-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The ESC insertion problems will be resolved by:
- Handling the particular exceptions you found (NumberFormatException).
- Updating the stderrlogger so that all user supplied output is stripped
of non-whitespace ISO control characters.
- Stripping ISO control characters from generated error pages.
In the meantime the vendor provides the following workaround
recommendations:
website and had Javascript enabled, an attacker may be able to steal a limited
amount of private data. (CVE-2008-5507)
Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered
Thunderbird did not properly parse URLs when processing certain control
characters. (CVE-2008-5508)
Several flaws were discovered in the Javascript engine. If a user were tricked
into opening a malicious website and had Javascript enabled, an attacker could
exploit this to execute arbitrary Javascript code within the context of another
website or with chrome privileges. (CVE-2008-5511, CVE-2008-5512)
cross-domain redirect. An attacker could bypass the same-origin policy
in Firefox by utilizing nsIRDFService and steal private data from
users authenticated to the redirected website. (CVE-2009-0776)
Masahiro Yamada discovered that Firefox did not display control
characters in the location bar. An attacker could exploit this to
spoof the location bar, such as in a phishing attack. (CVE-2009-0777)
Updated packages for Ubuntu 8.04 LTS:
via a JavaScript URL. (MFSA 2008-65)
CVE-2008-5508
Chip Salzenberg discovered possible phishing attacks via URLs with
leading whitespaces or control characters. (MFSA 2008-66)
CVE-2008-5511
It was discovered that it is possible to perform cross-site scripting
attacks via an XBL binding to an "unloaded document." (MFSA 2008-68)
Javascript off-site resource. If a user were tricked into opening a malicious
website, an attacker may be able to steal a limited amount of private data.
(CVE-2008-5507)
Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Firefox
did not properly parse URLs when processing certain control characters.
(CVE-2008-5508)
Kojima Hajime discovered that Firefox did not properly handle an escaped null
character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)
Kojima Hajime discovered that Thunderbird did not properly handle an escaped
null character. An attacker may be able to exploit this flaw to bypass script
sanitization. (CVE-2008-5510)
via a JavaScript URL. (MFSA 2008-65)
CVE-2008-5508
Chip Salzenberg discovered possible phishing attacks via URLs with
leading whitespaces or control characters. (MFSA 2008-66)
CVE-2008-5510
Kojima Hajime and Jun Muto discovered that escaped null characters
were ignored by the CSS parser and could lead to the bypass of
notifies the user about the message and the attached files making the
attack invisible for the target.
The other bug is a logging file content manipulation vulnerability
allowing the attacker to use the data inside protocol's packet to
disrupt the log file with control characters like '\n' and others. This
bug is not very important alone, but could be combined with the
traversal bug to cover tracks about the file upload inserting false log
lines or control characters.
In the following code the program obtains the filename from the
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid URL '%s'", str); \
php_curl_ret(__ret); \
} \
\
if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str); \
php_url_free(tmp_url); \
php_curl_ret(__ret); \
} \
\
if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \
curl is vulnerable to a SSL CBC IV vulnerability when built to use
OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate
the problem (CVE-2011-3389).
curl is vulnerable to a data injection attack for certain protocols
through control characters embedded or percent-encoded in URLs
(CVE-2012-0036).
The updated packages have been patched to correct these issues.
_______________________________________________________________________