oss-sec mailing list archives
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 15 Jan 2015 16:44:39 -0500
Hi Henri--

Your recent message:

On Thu 2015-01-15 01:56:41 -0500, Henri Salo wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Fixed in 5.2.1 version.
>
> - -- 
> Henri Salo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlS3ZKkACgkQXf6hBi6kbk/EXACgobA8v+eNpA8mbR85uzP1rSH/
> YfEAoMqRuWAaDysP7GYpQJ+zLAkKze+A
> =XgEo
> -----END PGP SIGNATURE-----

Is a bit troubling, because it seems to rely on the Subject: line for necessary context in interpreting the signed message. An attacker could take this signed message, and replay it "From" you with a changed subject line to try to indicate that you think some other bug was fixed in some other piece of software, version 5.2.1.

You can avoid this kind of problem by ensuring that the messages you sign are context-independent (e.g. including the information currently in this message's subject line in your message body directly as well).

Regards,

--dkg
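The gap described in the message above, as an added example that is not part of the original post: an OpenPGP clearsignature covers only the text between the armor lines, so this sketch extracts that text and checks whether the mail's Subject is repeated inside it. The sample mails, `signer@example.org`, the `Signer` name and the placeholder signature block are constructed, and cryptographic verification of the signature is assumed to happen separately (for example with GnuPG).

```python
import email
import re
from email import policy

CLEARSIGN = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\r?\n(?:[^\r\n]+\r?\n)*\r?\n"
    r"(?P<text>.*?)\r?\n-----BEGIN PGP SIGNATURE-----", re.S)

def signed_text(body):
    """Return the cleartext that an OpenPGP clearsignature covers, or None."""
    m = CLEARSIGN.search(body)
    if m is None:
        return None
    # Undo dash-escaping: a line sent as "- -- " was "-- " when it was signed.
    return "\n".join(l[2:] if l.startswith("- ") else l
                     for l in m.group("text").splitlines())

def normalise(s):
    """Drop leading Re:/Fwd: prefixes, collapse whitespace, lowercase."""
    s = re.sub(r"^(?:\s*(?:re|fwd?):)+", "", s, flags=re.I)
    return " ".join(s.split()).lower()

def subject_is_signed(raw_message):
    """True only if the Subject text also appears inside the signed cleartext."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    text = signed_text(msg.get_content())
    want = normalise(msg["Subject"] or "")
    return bool(text and want) and want in normalise(text)

def build(subject, cleartext):
    """Constructed sample mail; the signature block is a placeholder, not a real one."""
    return (f"From: signer@example.org\nSubject: {subject}\n\n"
            "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
            f"{cleartext}\n"
            "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n"
            "-----END PGP SIGNATURE-----\n")

SUBJECT = ("CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS "
           "vulnerability in filemanager functionality")
BARE = "Fixed in 5.2.1 version.\n\n- -- \nSigner"            # context only in the header
BOUND = f"Subject: {SUBJECT}\n\nFixed in 5.2.1 version.\n\n- -- \nSigner"

if __name__ == "__main__":
    for label, body in (("bare", BARE), ("bound", BOUND)):
        for subj in ("Re: " + SUBJECT, "Re: some other product"):
            print(label, "|", subj[:30], "|", subject_is_signed(build(subj, body)))
```

The bare body is reported as unbound under every subject, while the bound body passes only when the header matches what was signed.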