Bug#: 180133
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Pierre-Yves Rofes <py@gentoo.org>
Description:   Opened: 2007-05-28 18:19 0000
Michal Majchrowicz has reported a vulnerability in phpPgAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to login.php through various scripts (e.g.
redirect.php) is not properly sanitised before being returned to the user. This
can be exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

The vulnerability is reported in versions 3.5 to 4.1.1. Other versions may also
be affected.

NOTE: Other scripts are also reportedly affected.

Solution:
Edit the source code to ensure that input is properly sanitised.
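
A defender-side check for the pattern the advisory describes, as an added example that is not part of the bug report or of phpPgAdmin: it scans Common Log Format access-log lines for requests to login.php or redirect.php whose URL-decoded query string carries HTML or script markup. The log format, the sample lines and the parameter name "p" are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Scripts named in the report; the advisory says other scripts are affected too.
WATCHED_SCRIPTS = {"login.php", "redirect.php"}
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tag openers, inline event handlers and javascript: URLs inside a query string.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|[\s\"'/]on[a-z]+\s*=|javascript\s*:", re.I)


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (line_number, decoded_query) for watched scripts whose query has markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path.rsplit("/", 1)[-1].lower() not in WATCHED_SCRIPTS:
            continue
        query = decode_fully(target.query)
        if MARKUP_RE.search(query):
            hits.append((number, query))
    return hits


# Constructed sample lines: paths, addresses and the parameter name "p" are invented.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/May/2007:18:00:01 +0000] "GET /phppgadmin/redirect.php?subject=server HTTP/1.1" 200 512',
    '192.0.2.44 - - [28/May/2007:18:00:07 +0000] "GET /phppgadmin/redirect.php?p=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.44 - - [28/May/2007:18:00:09 +0000] "GET /phppgadmin/login.php?p=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 633',
    '192.0.2.10 - - [28/May/2007:18:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

A hit only shows that markup reached one of the watched scripts; whether it was reflected depends on the installed version, which the report gives as fixed in 4.1.2.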

------- Comment #1 From Pierre-Yves Rofes 2007-05-28 18:22:59 0000 -------
setting status and cc'ing herds. web-apps/postgresql, please advise.

------- Comment #2 From Tiziano Müller 2007-05-28 21:38:14 0000 -------
Well, there's currently no news from upstream as far as I can tell and from the
activity I'd guess it could take some time until this is fixed.
Therefore the only solution for the user is to restrict access to the
phppgadmin-locations using the webserver.

------- Comment #3 From Renat Lumpau 2007-06-02 05:12:10 0000 -------
4.1.2 in the tree

------- Comment #4 From Pierre-Yves Rofes 2007-06-02 07:31:52 0000 -------
Thanks Renat.
Arches, please test and mark stable. Target keywords are:
phppgadmin-4.1.2.ebuild:KEYWORDS="amd64 hppa ppc sparc x86"

------- Comment #5 From Christoph Mende 2007-06-02 12:29:50 0000 -------
amd64 done

------- Comment #6 From Emanuele Gentili 2007-06-02 12:50:47 0000 -------
1. emerges on x86
2. passes test suite
3. passes collision test
4. works

Portage 2.1.2.7 (default-linux/x86/2006.1, gcc-4.1.2, glibc-2.5-r3,
2.6.17-gentoo-r8-panic i686)
=================================================================
System uname: 2.6.17-gentoo-r8-panic i686 Intel(R) Pentium(R) M processor
2.00GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 02 Jun 2007 01:30:01 +0000
ccache version 2.4 [disabled]
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r7
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium-m -msse2 -mmmx -msse -mfpmath=sse
-fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -march=pentium-m -msse2 -mmmx -msse -mfpmath=sse
-fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox
sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="it_IT.UTF-8"
LC_ALL="C"
LINGUAS="it"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/webapps-experimental
/usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acpi adns alsa apache arts asf ati avi bash-completion beagle
berkdb bitmap-fonts browserplugin bzip2 cairo caps cdr cli cracklib crd crypt
cups curl daap dbus dga djvu dmi dri dts dvd dvdr dvi emacs evo exif fbcon
ffmpeg firefox flac foomatic fortran gdbm gif gimpprint glitz gnome gnutls gpm
gtk hal i810 iconv imagemagick intel ipod ipv6 isdnlog java jpeg kde libg++
libnotify libsexy lns mad midi mmap mmx mng mono mozilla moznocompose moznoirc
moznomail mozsvg mp3 mp4 mpeg mudflap musepack nautilus ncurses network njb nls
nptl nptlonly nsplugin numeric ogg ole opengl openmp openntpd oss pam pcre pdf
perl php png portaudio posix ppds pppd pwdb python qt qt3 radeon readline real
reflection samba sdl session sndfile spl sse sse2 ssl svg t1lib tcpd test
theora threads truetype-fonts type1-fonts unicode usb v4l vcd vorbis
win32codecs wma wmf wmv wxwindows x264 x86 xine xml2 xorg xvid zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1
emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m
maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" LINGUAS="it" USERLAND="GNU" VIDEO_CARDS="vesa i810 vga"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


For me, stable on x86.

------- Comment #7 From Jeroen Roovers 2007-06-02 15:48:40 0000 -------
Stable for HPPA.

------- Comment #8 From nixnut 2007-06-02 19:51:33 0000 -------
stable on ppc.

------- Comment #9 From Gustavo Zacarias (RETIRED) 2007-06-04 12:54:34 0000 -------
sparc stable.

------- Comment #10 From Christian Faulhammer 2007-06-04 19:06:05 0000 -------
x86 stable, last arch, sorry for the delay

------- Comment #11 From Sune Kloppenborg Jeppesen 2007-06-04 19:53:32 0000 -------
I tend to vote NO.

------- Comment #12 From Raphael Marichez 2007-06-07 21:28:57 0000 -------
I vote no, same reason as bug 175847. And closing. Feel free to reopen if you
disagree.
