Bug 743205 (CVE-2011-3598)

Summary: CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: devrim, dyoung, john.julien.qso5, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20111003,reported=20111003,source=gentoo,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/phpPgAdmin=notaffected,epel-6/phpPgAdmin=notaffected,epel-5/phpPgAdmin=notaffected,epel-4/phpPgAdmin=affected,cwe=CWE-79[auto]
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 743207    
Bug Blocks:    

Description Jan Lieskovsky 2011-10-04 04:27:08 EDT
Multiple cross-site scripting (XSS) flaws were reported in phpPgAdmin:
1) the 'title' argument of a particular web page was not sanitized properly
   prior displaying the page header,
2) the return ULR ('return_url') and return link name ('return_desc') were
   not sanitized properly prior displaying the requested page data.

A remote attacker could provide a specially-crafted URL, which once visited by an unsuspecting phpPgAdmin user could lead to arbitrary HTML or web script execution.

References:
[1] https://secunia.com/advisories/46248/
[2] https://bugs.gentoo.org/show_bug.cgi?id=385505
[3] http://phppgadmin.sourceforge.net/doku.php?id=download
[4] http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news

Upstream patch:
[5] https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842
Comment 1 Jan Lieskovsky 2011-10-04 04:32:05 EDT
CVE Request:
[6] http://www.openwall.com/lists/oss-security/2011/10/04/1
Comment 2 Jan Lieskovsky 2011-10-04 04:34:53 EDT
The following phpPgAdmin package updates have been scheduled to correct these flaws
in particular releases of Fedora and in the following EPEL repositories versions:
1) phpPgAdmin-5.0.3-1.fc15 for Fedora-15,
2) phpPgAdmin-5.0.3-1.fc14 for Fedora-14,
3) phpPgAdmin-5.0.3-1.el5 for EPEL-5,
4) phpPgAdmin-5.0.3-1.el6 for EPEL-6.

Once the updates have passed the required level of testing, they will be pushed to the -stable repositories.
Comment 3 Jan Lieskovsky 2011-10-04 04:42:38 EDT
These issues affect the version of the phpPgAdmin package, as present within EPEL-4 repository. Please schedule an update with the correction.
Comment 4 Jan Lieskovsky 2011-10-04 04:43:50 EDT
Created phpPgAdmin tracking bugs for this issue

Affects: epel-4 [bug 743207]
Comment 5 Devrim GÜNDÜZ 2011-10-04 10:51:25 EDT
I just pushed all releases.
Comment 6 Vincent Danen 2011-10-04 15:19:25 EDT
This issue has been assigned the name CVE-2011-3598:

http://www.openwall.com/lists/oss-security/2011/10/04/10
Comment 7 Jan Lieskovsky 2011-10-05 05:50:20 EDT
(In reply to comment #5)
> I just pushed all releases.

Thanks Devrim, appreciated.
Comment 8 Jan Lieskovsky 2011-10-05 05:55:36 EDT
The complete list of phpPgAdmin package updates, which contain fix for these issues:
1) phpPgAdmin-5.0.3-1.fc14,
2) phpPgAdmin-5.0.3-1.fc15,
3) phpPgAdmin-5.0.3-1.fc16,
4) phpPgAdmin-5.0.3-1.el4,
5) phpPgAdmin-5.0.3-1.el5,
6) phpPgAdmin-5.0.3-1.el6.
Comment 9 Fedora Update System 2011-10-12 20:51:24 EDT
phpPgAdmin-5.0.3-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2011-10-12 20:51:56 EDT
phpPgAdmin-5.0.3-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2011-10-13 00:38:36 EDT
phpPgAdmin-5.0.3-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2011-10-24 11:38:20 EDT
phpPgAdmin-5.0.3-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2011-10-24 11:38:44 EDT
phpPgAdmin-5.0.3-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2011-10-24 11:39:08 EDT
phpPgAdmin-5.0.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Dan Young 2011-10-27 13:10:38 EDT
Please note that phpPgAdmin ≥ 5.0 requires PHP version 5, which is not present in EL4. The update in the EPEL 4 repository breaks those EL4 installs.