Summary: | dev-php/php-openid: Host based account hijack attack (CVE-2016-2049) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | mgorny, php-bugs, treecleaner |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/01/24/2 | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Deadline: | 2019-04-12 |
Description
Agostino Sarubbo
2016-01-25 14:40:27 UTC
CVE-2016-2049 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2049): examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header. Still pending upstream: https://github.com/openid/php-openid/issues/128 Still no fix... no RDEPS... The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c510cb9ab1218665619f7832e463323479ea8e commit 40c510cb9ab1218665619f7832e463323479ea8e Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-03-13 17:04:15 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-03-13 17:04:15 +0000 package.mask: Last rite vulnerable dev-php/php-openid Bug: https://bugs.gentoo.org/572882 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+) Arches and Maintainer(s), Thank you for your work. To be removed in 30 Days after Last Rights. Thank you all for you work. The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a2c899dbea085c5de8e75adca517404190e37c commit f4a2c899dbea085c5de8e75adca517404190e37c Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-04-13 06:54:43 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-04-13 06:57:39 +0000 dev-php/php-openid: Remove last-rited pkg Closes: https://bugs.gentoo.org/572882 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-php/php-openid/Manifest | 1 - dev-php/php-openid/metadata.xml | 11 ------- .../php-openid/php-openid-2.3.1_pre20180219.ebuild | 35 ---------------------- profiles/package.mask | 6 ---- 4 files changed, 53 deletions(-) |