oss-security - Re: CVE request: XSS flaws fixed in ganglia

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20130221114811.GA27599@elende>
Date: Thu, 21 Feb 2013 12:48:11 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: 700158@...s.debian.org, 700159@...s.debian.org
Subject: Re: CVE request: XSS flaws fixed in ganglia

Hi Raphael

On Thu, Feb 21, 2013 at 11:47:10AM +0100, Raphael Geissert wrote:
> Hi,
> 
> On 8 February 2013 19:06, Vincent Danen <vdanen@...hat.com> wrote:
> > A number of XSS issues were fixed in ganglia's web ui:
> >
> > https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
> 
> I've a hunch that there are a few issues with the changes. A quick
> look at the patch shows that the change here breaks the preg_replace
> call:
> 
> - $query_string = preg_replace("/(&trendhistory=)(\d+)/", "", $query_string);
> + $query_string = preg_replace("/(&trendhistory=)(\d+)/", "",
> htmlspecialchars($query_string, ENT_QUOTES) );
> 
> It looks as if the htmlspecialchars call was misplaced.  Not that it
> is a security issue, but it's a bug.
> 
> Can anyone forward this upstream? I will try to take a look at the
> rest of the patch later.

Done as issue #157 for ganglia-web[1].

 [1]: https://github.com/ganglia/ganglia-web/issues/157

Regards,
Salvatore

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.