Bug 180133 - dev-db/phppgadmin < 4.1.2 login.php XSS
|
Bug#:
180133
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: minor
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: py@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
http://secunia.com/advisories/25446/
|
|
Summary: dev-db/phppgadmin < 4.1.2 login.php XSS
|
|
Keywords:
|
|
Status Whiteboard: B4 [noglsa] p-y
|
|
Opened: 2007-05-28 18:19 0000
|
Michal Majchrowicz has reported a vulnerability in phpPgAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the URL to login.php through various scripts (e.g.
redirect.php) is not properly sanitised before being returned to the user. This
can be exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.
The vulnerability is reported in versions 3.5 to 4.1.1. Other versions may also
be affected.
NOTE: Other scripts are also reportedly affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
setting status and cc'ing herds. web-apps/postgresql, please advise.
Well, there's currently no news from upstream as far as I can tell and from the
activity I'd guess it could take some time until this is fixed.
Therefore the only solution for the user is to restrict access to the
phppgadmin-locations using the webserver.
Thanks Renat.
Arches, please test and mark stable. Target keywords are:
phppgadmin-4.1.2.ebuild:KEYWORDS="amd64 hppa ppc sparc x86"
1. emerges on x86
2. passes test suite
3. passes collision test
4. works
Portage 2.1.2.7 (default-linux/x86/2006.1, gcc-4.1.2, glibc-2.5-r3,
2.6.17-gentoo-r8-panic i686)
=================================================================
System uname: 2.6.17-gentoo-r8-panic i686 Intel(R) Pentium(R) M processor
2.00GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 02 Jun 2007 01:30:01 +0000
ccache version 2.4 [disabled]
dev-java/java-config: 1.3.7, 2.0.32
dev-lang/python: 2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r7
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium-m -msse2 -mmmx -msse -mfpmath=sse
-fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -march=pentium-m -msse2 -mmmx -msse -mfpmath=sse
-fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox
sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="it_IT.UTF-8"
LC_ALL="C"
LINGUAS="it"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/webapps-experimental
/usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acpi adns alsa apache arts asf ati avi bash-completion beagle
berkdb bitmap-fonts browserplugin bzip2 cairo caps cdr cli cracklib crd crypt
cups curl daap dbus dga djvu dmi dri dts dvd dvdr dvi emacs evo exif fbcon
ffmpeg firefox flac foomatic fortran gdbm gif gimpprint glitz gnome gnutls gpm
gtk hal i810 iconv imagemagick intel ipod ipv6 isdnlog java jpeg kde libg++
libnotify libsexy lns mad midi mmap mmx mng mono mozilla moznocompose moznoirc
moznomail mozsvg mp3 mp4 mpeg mudflap musepack nautilus ncurses network njb nls
nptl nptlonly nsplugin numeric ogg ole opengl openmp openntpd oss pam pcre pdf
perl php png portaudio posix ppds pppd pwdb python qt qt3 radeon readline real
reflection samba sdl session sndfile spl sse sse2 ssl svg t1lib tcpd test
theora threads truetype-fonts type1-fonts unicode usb v4l vcd vorbis
win32codecs wma wmf wmv wxwindows x264 x86 xine xml2 xorg xvid zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1
emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m
maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" LINGUAS="it" USERLAND="GNU" VIDEO_CARDS="vesa i810 vga"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
For me Stable in x86
x86 stable, last arch, sorry for the delay
I vote no, same reason as bug 175847. And closing. Feel free to reopen if you
disagree.
