PacketFence - BTS - PacketFence |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001292 | PacketFence | security | public | 2011-10-03 11:03 | 2011-10-24 20:17 |
|
| Reporter | mattd | |
| Assigned To | obilodeau | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | devel | |
| Target Version | 3.0.2 | Fixed in Version | 3.0.2 | |
| fixed in git revision | |
| fixed in mtn revision | b3af2b197670c53ffb3992f3d14fbb028b35b927 |
|
| Summary | 0001292: XSS in web adminstration interface (login.php) |
| Description | In the web administation login page (html/admin/login.php), the 'p' parameter, passed in as a HTTP GET parameter, is not properly escaped in the output. This leads to XSS. |
| Steps To Reproduce | |
| Additional Information | A sample request, triggering the XSS:
login.php?p=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cx%20x%3D%22 |
| Tags | No tags attached. |
| Relationships | |
| Attached Files |  security-fix-1292.patch (886) 2011-10-11 14:17
https://www.packetfence.org/bugs/file_download.php?file_id=107&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2011-10-03 11:03 | mattd | New Issue | |
| 2011-10-03 11:05 | obilodeau | Status | new => assigned |
| 2011-10-03 11:05 | obilodeau | Assigned To | => obilodeau |
| 2011-10-03 11:06 | obilodeau | Note Added: 0002310 | |
| 2011-10-06 13:46 | obilodeau | Note Added: 0002328 | |
| 2011-10-07 22:06 | mattd | Note Added: 0002331 | |
| 2011-10-11 14:17 | obilodeau | mtn revision | => b3af2b197670c53ffb3992f3d14fbb028b35b927 |
| 2011-10-11 14:17 | obilodeau | Note Added: 0002332 | |
| 2011-10-11 14:17 | obilodeau | Status | assigned => resolved |
| 2011-10-11 14:17 | obilodeau | Fixed in Version | => +1 |
| 2011-10-11 14:17 | obilodeau | Resolution | open => fixed |
| 2011-10-11 14:17 | obilodeau | File Added: security-fix-1292.patch | |
| 2011-10-17 10:37 | obilodeau | Note Added: 0002362 | |
| 2011-10-24 16:45 | obilodeau | View Status | private => public |
| 2011-10-24 20:15 | obilodeau | Target Version | => 3.0.2 |
| 2011-10-24 20:15 | obilodeau | Note Added: 0002386 | |
| 2011-10-24 20:16 | obilodeau | Status | resolved => closed |
| 2011-10-24 20:17 | obilodeau | Fixed in Version | +1 => 3.0.2 |
|
Notes |
|
|
|
|
Thanks for the report! We will fix this shortly. |
|
|
|
|
Ok, I'm looking at these now but first:
- Do you plan on getting CVE numbers for the vulnerabilities?
- Can you send me your full name and organization (optional) for the finding credits in the release notes.
Thanks, |
|
|
|
(0002331)
|
|
mattd
|
|
2011-10-07 22:06
|
|
CVEs: Nope, I think it'd be better if you as vendor get them.
Credit: Matthew Daley.
Thanks! |
|
|
|
|
Fix committed in revno: b3af2b197670c53ffb3992f3d14fbb028b35b927
I requested CVE numbers.
Fix will be released in 3.0.2 shortly.
Those you can't wait or who won't upgrade in a timely fashion should apply the attached patch. It should apply cleanly on most packetfence versions known to man (it's long standing vuln). |
|
|
|
|
|
This vulnerability has been assigned: CVE-2011-4067 |
|
|
|
|
|