Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 233562 (CVE-2008-3422) - <dev-lang/mono-2.0.1-r1 ASP.net XSS, Sys.Web Header injection (CVE-2008-3422, CVE-2008-3906)
Summary: <dev-lang/mono-2.0.1-r1 ASP.net XSS, Sys.Web Header injection (CVE-2008-3422,...
Status: RESOLVED FIXED
Alias: CVE-2008-3422
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://thread.gmane.org/gmane.comp.gn...
Whiteboard: B4 [noglsa]
Keywords:
Depends on: 234305
Blocks:
  Show dependency tree
 
Reported: 2008-08-01 08:51 UTC by Robert Buchholz (RETIRED)
Modified: 2009-04-12 16:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-08-01 08:51:00 UTC
CVE-2008-3422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3422):
  Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class
  libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary
  web script or HTML via crafted attributes related to (1) HtmlControl.cs
  (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3)
  HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton
  (RenderAttributes), and (5) HtmlSelect (RenderChildren).
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-08-06 22:36:25 UTC
Patches @ svn://anonsvn.mono-project.com/source
mono-1-9 : 109358
mono-2-0 : 109348
trunk : 109349

Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-08-28 14:55:12 UTC
There is also a header injection issue, see here:
https://bugzilla.novell.com/show_bug.cgi?id=418620

Quote:
Fixes for the following Mono branches have been committed:

branches/mono-1-1-7 (r111116)
branches/mono-1-1-18 (r111117)
branches/mono-1-2-2 (r111118)
branches/mono-1-2-5 (r111119)
branches/mono-1-9 (r111120)

Second part of the fix (implementation for 1.1) committed to the following
branches:
trunk (r111122)
branches/mono-2-0 (r111123)
branches/mono-1-1-7 (r111125)
branches/mono-1-1-18 (r111126)
branches/mono-1-2-2 (r111127)
branches/mono-1-2-5 (r111128)
branches/mono-1-9 (r111129)
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-09-12 13:47:07 UTC
CVE-2008-3906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3906):
  CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier
  allows remote attackers to inject arbitrary HTTP headers and conduct
  HTTP response splitting attacks via CRLF sequences in the query
  string.
Comment 4 Peter Alfredsen (RETIRED) gentoo-dev 2009-04-04 15:03:55 UTC
2.0 stable, GLSA-ready.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-09 21:58:14 UTC
GLSA decision, i vote NO.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2009-04-12 16:23:54 UTC
confirmed that dev-lang/mono-2.0.1-r1 carries all fixes.

voting NO.