Bug 805712 (CVE-2012-1575) - CVE-2012-1575 cumin: multiple XSS flaws
Summary: CVE-2012-1575 cumin: multiple XSS flaws
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-1575
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20120306,repor...
Depends On: 438142 807763 812066
Blocks: 805721
TreeView+ depends on / blocked
 
Reported: 2012-03-21 21:18 UTC by Vincent Danen
Modified: 2019-06-08 19:05 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-12 16:56:47 UTC


Attachments (Terms of Use)
Technical write up on vulnerabilities, fixes, and testing (65.31 KB, application/pdf)
2012-03-22 12:39 UTC, Trevor McKay
no flags Details
Quota config, referenced from the pdf (198 bytes, application/octet-stream)
2012-03-22 12:40 UTC, Trevor McKay
no flags Details
Aviary submit script, referenced from the pdf (2.63 KB, text/x-python)
2012-03-22 12:41 UTC, Trevor McKay
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0476 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Management Console security update 2012-04-12 20:35:25 UTC
Red Hat Product Errata RHSA-2012:0477 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Management Console security update 2012-04-12 20:35:19 UTC

Description Vincent Danen 2012-03-21 21:18:32 UTC
A number of XSS flaws were reported in Cumin.  These flaws could be used by a remote attacker to inject arbitrary web script on a web page displayed by Cumin.

To solve the problem, xml_escape() (as defined in wooly/python/wooly/util.py, a simple wrapper around xml.sax.saxutils.escape()) is called on any values that are displayed on a web page and originate outside of Cumin, or through a form submitted by a user.  Many of these have been corrected upstream in r5238 [1].

[1] https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html

Comment 1 Trevor McKay 2012-03-22 12:39:48 UTC
Created attachment 571986 [details]
Technical write up on vulnerabilities, fixes, and testing

Slightly different than the original version, but only because I changed the integers used in alert scripts to be unique so that when they are run it is unambiguous which one is displaying.  This might be helpful when testing Cumin for the presences of errors.

Comment 2 Trevor McKay 2012-03-22 12:40:51 UTC
Created attachment 571987 [details]
Quota config, referenced from the pdf

Comment 3 Trevor McKay 2012-03-22 12:41:54 UTC
Created attachment 571988 [details]
Aviary submit script, referenced from the pdf

Comment 4 errata-xmlrpc 2012-04-12 16:39:36 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0477 https://rhn.redhat.com/errata/RHSA-2012-0477.html

Comment 5 errata-xmlrpc 2012-04-12 16:39:54 UTC
This issue has been addressed in following products:

  MRG for RHEL-5 v. 2

Via RHSA-2012:0476 https://rhn.redhat.com/errata/RHSA-2012-0476.html

Comment 6 Vincent Danen 2012-04-12 16:54:18 UTC
Created cumin tracking bugs for this issue

Affects: fedora-all [bug 812066]

Comment 7 Vincent Danen 2013-02-15 17:12:12 UTC
Current Fedora ships cumin-0.1.5522 which is based on upstream svn r5522 and includes this fix.


Note You need to log in before you can comment on or make changes to this bug.