oss-sec mailing list archives
CVE Request: Security issue in backuppc
From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 27 Oct 2011 16:00:48 -0500
Hi Craig, While preparing updates to fix CVE-2011-3361 in Ubuntu I discovered another XSS vulnerability in View.pm when accessing the following URLs in backuppc: index.cgi?action=view&type=XferLOG&num=<XSS here>&host=<some host> index.cgi?action=view&type=XferErr&num=<XSS here>&host=<some host> You are being emailed as the upstream contact. Please keep oss-security () lists openwall com[1] CC'd for any updates on this issue. To oss-security, can I have a CVE for this? It is essentially the same vulnerability and fix as for CVE-2011-3361, but in CGI/View.pm instead of CGI/Browse.pm. Attached is a patch to fix this issue. Tested on 3.0.0, 3.1.0, 3.2.0 and 3.2.1. -- Jamie Strandboge | http://www.canonical.com
Attachment:
view.diff
Description:
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE Request: Security issue in backuppc Jamie Strandboge (Oct 27)