Bug 805712 (CVE-2012-1575)

Summary: CVE-2012-1575 cumin: multiple XSS flaws
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: grid-maint-list, iboverma, jneedle, matt, mcressma, mjc, security-response-team, tmckay
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-12 16:56:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 438142, 807763, 812066    
Bug Blocks: 805721    
Attachments:
Description Flags
Technical write up on vulnerabilities, fixes, and testing
none
Quota config, referenced from the pdf
none
Aviary submit script, referenced from the pdf none

Description Vincent Danen 2012-03-21 21:18:32 UTC 
A number of XSS flaws were reported in Cumin.  These flaws could be used by a remote attacker to inject arbitrary web script on a web page displayed by Cumin.

To solve the problem, xml_escape() (as defined in wooly/python/wooly/util.py, a simple wrapper around xml.sax.saxutils.escape()) is called on any values that are displayed on a web page and originate outside of Cumin, or through a form submitted by a user.  Many of these have been corrected upstream in r5238 [1].

[1] https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html
Comment 1 Trevor McKay 2012-03-22 12:39:48 UTC 
Created attachment 571986 [details]
Technical write up on vulnerabilities, fixes, and testing

Slightly different than the original version, but only because I changed the integers used in alert scripts to be unique so that when they are run it is unambiguous which one is displaying.  This might be helpful when testing Cumin for the presences of errors.
Comment 2 Trevor McKay 2012-03-22 12:40:51 UTC 
Created attachment 571987 [details]
Quota config, referenced from the pdf
Comment 3 Trevor McKay 2012-03-22 12:41:54 UTC 
Created attachment 571988 [details]
Aviary submit script, referenced from the pdf
Comment 4 errata-xmlrpc 2012-04-12 16:39:36 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0477 https://rhn.redhat.com/errata/RHSA-2012-0477.html
Comment 5 errata-xmlrpc 2012-04-12 16:39:54 UTC 
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2012:0476 https://rhn.redhat.com/errata/RHSA-2012-0476.html
Comment 6 Vincent Danen 2012-04-12 16:54:18 UTC 
Created cumin tracking bugs for this issue

Affects: fedora-all [bug 812066]
Comment 7 Vincent Danen 2013-02-15 17:12:12 UTC 
Current Fedora ships cumin-0.1.5522 which is based on upstream svn r5522 and includes this fix.