oss-sec mailing list archives

Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality


From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 15 Jan 2015 16:44:39 -0500

Hi Henri--

Your recent message:

On Thu 2015-01-15 01:56:41 -0500, Henri Salo wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Fixed in 5.2.1 version.
>
> - --
> Henri Salo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlS3ZKkACgkQXf6hBi6kbk/EXACgobA8v+eNpA8mbR85uzP1rSH/
> YfEAoMqRuWAaDysP7GYpQJ+zLAkKze+A
> =XgEo
> -----END PGP SIGNATURE-----

Is a bit troubling, because it seems to rely on the Subject: line for
necessary context in interpreting the signed message.

An attacker could take this signed message, and replay it "From" you
with a changed subject line to try to indicate that you think some other
bug was fixed in some other piece of software, version 5.2.1.

You can avoid this kind of problem by ensuring that the messages you
sign are context-independent (e.g. including the information currently
in this message's subject line in your message body directly as well).

Regards,

   --dkg
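The following is an added example, not code from dkg's message or from the b2evolution project. It models the problem dkg describes (an inline signature covers only the body, so the same signed body verifies under any Subject: line) and the mitigation he suggests (restate the subject inside the signed body and have the verifier check it). An HMAC over the body from the Python standard library stands in for the PGP clearsign, since the only property that matters here is which bytes the signature covers; the key, the second subject and the message layout are constructed.

```python
import hmac
import hashlib

# Constructed stand-in for the signer's key; an HMAC over the body plays the
# role of the PGP clearsign, which likewise covers the body and not the headers.
KEY = b"constructed-stand-in-signing-key"

ORIG_SUBJECT = ("CVE-Request -- CMS b2evolution v.5.2.0 -- "
                "Reflecting XSS vulnerability in filemanager functionality")
# Constructed placeholder subject the replayed copy is sent under.
REPLAY_SUBJECT = "CVE-Request -- OtherSoftware v.5.2.0 -- (constructed placeholder)"


def sign_body(body: str) -> str:
    """Sign only the body text, exactly as an inline signature does."""
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def build_message(subject: str, body: str, sig: str) -> dict:
    """A minimal mail: the Subject: header is not covered by the signature."""
    return {"From": "Henri Salo", "Subject": subject, "Body": body, "Signature": sig}


def signature_valid(msg: dict) -> bool:
    """What a plain signature check sees: body and signature, nothing else."""
    return hmac.compare_digest(sign_body(msg["Body"]), msg["Signature"])


def body_restates_subject(msg: dict) -> bool:
    """Mitigation check: the signed body must name the subject it refers to."""
    first_line = msg["Body"].splitlines()[0] if msg["Body"] else ""
    return first_line == "Subject: " + msg["Subject"]


def demo_context_free() -> tuple:
    """Body as posted: verifies under the original and the replayed subject."""
    body = "Fixed in 5.2.1 version."
    sig = sign_body(body)
    original = build_message(ORIG_SUBJECT, body, sig)
    replayed = build_message(REPLAY_SUBJECT, body, sig)  # same body, same sig
    return signature_valid(original), signature_valid(replayed)


def demo_context_bound() -> tuple:
    """Body restating the subject: the replay fails the context check."""
    body = "Subject: " + ORIG_SUBJECT + "\nFixed in 5.2.1 version."
    sig = sign_body(body)
    original = build_message(ORIG_SUBJECT, body, sig)
    replayed = build_message(REPLAY_SUBJECT, body, sig)
    accept = lambda m: signature_valid(m) and body_restates_subject(m)
    return accept(original), accept(replayed)
```

`demo_context_free()` returns `(True, True)`: the signature alone cannot tell the two mails apart. `demo_context_bound()` returns `(True, False)`: once the body carries its own context, the replayed copy is rejected even though its signature still verifies.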
