Bug 805712 - (CVE-2012-1575) CVE-2012-1575 cumin: multiple XSS flaws
CVE-2012-1575 cumin: multiple XSS flaws
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120306,repor...
: Security
Depends On: 438142 807763 812066
Blocks: 805721
  Show dependency treegraph
 
Reported: 2012-03-21 17:18 EDT by Vincent Danen
Modified: 2016-03-04 06:15 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-04-12 12:56:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Technical write up on vulnerabilities, fixes, and testing (65.31 KB, application/pdf)
2012-03-22 08:39 EDT, Trevor McKay
no flags Details
Quota config, referenced from the pdf (198 bytes, application/octet-stream)
2012-03-22 08:40 EDT, Trevor McKay
no flags Details
Aviary submit script, referenced from the pdf (2.63 KB, text/x-python)
2012-03-22 08:41 EDT, Trevor McKay
no flags Details

  None (edit)
Description Vincent Danen 2012-03-21 17:18:32 EDT
A number of XSS flaws were reported in Cumin.  These flaws could be used by a remote attacker to inject arbitrary web script on a web page displayed by Cumin.

To solve the problem, xml_escape() (as defined in wooly/python/wooly/util.py, a simple wrapper around xml.sax.saxutils.escape()) is called on any values that are displayed on a web page and originate outside of Cumin, or through a form submitted by a user.  Many of these have been corrected upstream in r5238 [1].

[1] https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html
Comment 1 Trevor McKay 2012-03-22 08:39:48 EDT
Created attachment 571986 [details]
Technical write up on vulnerabilities, fixes, and testing

Slightly different than the original version, but only because I changed the integers used in alert scripts to be unique so that when they are run it is unambiguous which one is displaying.  This might be helpful when testing Cumin for the presences of errors.
Comment 2 Trevor McKay 2012-03-22 08:40:51 EDT
Created attachment 571987 [details]
Quota config, referenced from the pdf
Comment 3 Trevor McKay 2012-03-22 08:41:54 EDT
Created attachment 571988 [details]
Aviary submit script, referenced from the pdf
Comment 4 errata-xmlrpc 2012-04-12 12:39:36 EDT
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0477 https://rhn.redhat.com/errata/RHSA-2012-0477.html
Comment 5 errata-xmlrpc 2012-04-12 12:39:54 EDT
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2012:0476 https://rhn.redhat.com/errata/RHSA-2012-0476.html
Comment 6 Vincent Danen 2012-04-12 12:54:18 EDT
Created cumin tracking bugs for this issue

Affects: fedora-all [bug 812066]
Comment 7 Vincent Danen 2013-02-15 12:12:12 EST
Current Fedora ships cumin-0.1.5522 which is based on upstream svn r5522 and includes this fix.

Note You need to log in before you can comment on or make changes to this bug.