oss-sec mailing list archives
Re: XSS vulnerability in apt-cacher-ng
From: Yves-Alexis Perez <corsac () debian org>
Date: Sat, 21 Jun 2014 15:16:23 +0200
On ven., 2014-06-20 at 12:06 +0200, Eduard Bloch wrote:
Hello Security Team, I am sorry to report that one of my packages (with upstream hat on) has an XSS attack vulnerability. The way for the attacker to exploit this is to redirect the user's browser in a LAN to apt-cacher-ng server (which address the attacker has to know) with a manipulated URL. Since the location and TCP port of the cacher server are configurable, it's IMHO not totally easy to find but is still a good attack vector with insider knowledge.
Here is the proposed fix: http://anonscm.debian.org/gitweb/?p=apt-cacher-ng/apt-cacher-ng.git;a=commitdiff;h=6f08e6a3995d1bed4e837889a3945b6dc650f6ad It simply doesn't show the path in the browser output, because it has no value there. It only needs to be in the http status line in order to be displayed in apt-get's messages, there is no need for users to visit such an URL and see that message.
Hi, it seems there is an XSS vulnerability present in apt-cacher-ng. According to above text the issue looks minime, but I guess it still can do with a CVE, could one be allocated? Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: XSS vulnerability in apt-cacher-ng Yves-Alexis Perez (Jun 21)
- Re: XSS vulnerability in apt-cacher-ng cve-assign (Jun 22)