PacketFence
Bug Tracking System

ID: 0001292
Project: PacketFence
Category: security
View Status: public
Date Submitted: 2011-10-03 11:03
Last Update: 2011-10-24 20:17
Reporter: mattd
Assigned To: obilodeau
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: devel
Target Version: 3.0.2
Fixed in Version: 3.0.2
Summary: 0001292: XSS in web administration interface (login.php)
Description: In the web administration login page (html/admin/login.php), the 'p' parameter, passed in as an HTTP GET parameter, is not properly escaped in the output. This leads to XSS.
Additional Information: A sample request, triggering the XSS:
login.php?p=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cx%20x%3D%22
Tags: No tags attached.
fixed in git revision:
fixed in mtn revision: b3af2b197670c53ffb3992f3d14fbb028b35b927
Attached Files: security-fix-1292.patch (886 bytes) 2011-10-11 14:17
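
As an added illustration (not part of the original report, and not PacketFence's code or the attached patch), this PHP sketch shows the pattern the description names: a GET parameter `p` written to the page unescaped, next to the same output passed through `htmlspecialchars()`. The form markup, the function names and the assumption that `p` lands inside a double-quoted attribute are hypothetical.

```php
<?php
// Added illustration. PacketFence's real login.php and the shipped patch are not
// shown on this page; function names and form markup here are hypothetical.

// Vulnerable pattern: the GET value is copied into the attribute unescaped.
function render_login_form_vulnerable(array $get): string
{
    $p = isset($get['p']) ? $get['p'] : '';
    return '<form method="post" action="login.php">'
         . '<input type="hidden" name="p" value="' . $p . '">'
         . '</form>';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; a non-string p (p[]=...) is dropped.
function render_login_form_hardened(array $get): string
{
    $p = (isset($get['p']) && is_string($get['p'])) ? $get['p'] : '';
    $safe = htmlspecialchars($p, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="login.php">'
         . '<input type="hidden" name="p" value="' . $safe . '">'
         . '</form>';
}

// Parse the rendered markup and report what the submitted value turned into.
function inspect_markup(string $html): array
{
    libxml_use_internal_errors(true); // the sample input contains a non-HTML <x> tag
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return array(
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'p_value'         => $input ? $input->getAttribute('value') : null,
    );
}

// The sample request from the report, decoded the way PHP populates $_GET.
$get = array('p' => urldecode('%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cx%20x%3D%22'));

$before = inspect_markup(render_login_form_vulnerable($get));
$after  = inspect_markup(render_login_form_hardened($get));

printf("vulnerable: %d script element(s), p=%s\n", $before['script_elements'], var_export($before['p_value'], true));
printf("hardened:   %d script element(s), p=%s\n", $after['script_elements'], var_export($after['p_value'], true));
```

Run with the PHP CLI (the DOM extension is required); the same `inspect_markup()` check can serve as a regression test for any other parameter the admin pages write back into HTML.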

Notes
(0002310)
obilodeau (reporter)
2011-10-03 11:06

Thanks for the report! We will fix this shortly.
(0002328)
obilodeau (reporter)
2011-10-06 13:46

Ok, I'm looking at these now but first:

- Do you plan on getting CVE numbers for the vulnerabilities?
- Can you send me your full name and organization (optional) for the finding credits in the release notes?

Thanks,
(0002331)
mattd (reporter)
2011-10-07 22:06

CVEs: Nope, I think it'd be better if you as vendor get them.
Credit: Matthew Daley.

Thanks!
(0002332)
obilodeau (reporter)
2011-10-11 14:17

Fix committed in revno: b3af2b197670c53ffb3992f3d14fbb028b35b927
I requested CVE numbers.

Fix will be released in 3.0.2 shortly.

Those who can't wait or who won't upgrade in a timely fashion should apply the attached patch. It should apply cleanly on most PacketFence versions known to man (it's a long-standing vuln).
(0002362)
obilodeau (reporter)
2011-10-17 10:37

This vulnerability has been assigned: CVE-2011-4067
(0002386)
obilodeau (reporter)
2011-10-24 20:15

fix released in 3.0.2

Issue History
Date Modified Username Field Change
2011-10-03 11:03 mattd New Issue
2011-10-03 11:05 obilodeau Status new => assigned
2011-10-03 11:05 obilodeau Assigned To => obilodeau
2011-10-03 11:06 obilodeau Note Added: 0002310
2011-10-06 13:46 obilodeau Note Added: 0002328
2011-10-07 22:06 mattd Note Added: 0002331
2011-10-11 14:17 obilodeau mtn revision => b3af2b197670c53ffb3992f3d14fbb028b35b927
2011-10-11 14:17 obilodeau Note Added: 0002332
2011-10-11 14:17 obilodeau Status assigned => resolved
2011-10-11 14:17 obilodeau Fixed in Version => +1
2011-10-11 14:17 obilodeau Resolution open => fixed
2011-10-11 14:17 obilodeau File Added: security-fix-1292.patch
2011-10-17 10:37 obilodeau Note Added: 0002362
2011-10-24 16:45 obilodeau View Status private => public
2011-10-24 20:15 obilodeau Target Version => 3.0.2
2011-10-24 20:15 obilodeau Note Added: 0002386
2011-10-24 20:16 obilodeau Status resolved => closed
2011-10-24 20:17 obilodeau Fixed in Version +1 => 3.0.2

