Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3690 to the following vulnerability: Name: CVE-2010-3690 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3690 Assigned: 20101001 Reference: MLIST:[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/09/29/6 Reference: MLIST:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/10/01/2 Reference: MLIST:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/10/01/5 Reference: CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 Reference: CONFIRM: https://developer.jasig.org/source/changelog/jasigsvn?cs=21538 Reference: CONFIRM: https://issues.jasig.org/browse/PHPCAS-80 Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls. Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3691 to the following vulnerability: Name: CVE-2010-3691 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3691 Assigned: 20101001 Reference: MLIST:[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/09/29/6 Reference: MLIST:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/10/01/2 Reference: MLIST:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/10/01/5 Reference: CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 Reference: CONFIRM: https://developer.jasig.org/source/changelog/jasigsvn?cs=21538 Reference: CONFIRM: https://issues.jasig.org/browse/PHPCAS-80 PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3692 to the following vulnerability: Name: CVE-2010-3692 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3692 Assigned: 20101001 Reference: MLIST:[oss-security] 20100929 CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/09/29/6 Reference: MLIST:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/10/01/2 Reference: MLIST:[oss-security] 20101001 Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Reference: URL: http://www.openwall.com/lists/oss-security/2010/10/01/5 Reference: CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 Reference: CONFIRM: https://developer.jasig.org/source/changelog/jasigsvn?cs=21538 Reference: CONFIRM: https://issues.jasig.org/browse/PHPCAS-80 Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
Created glpi tracking bugs for this issue Affects: fedora-all [bug 620759]
Created moodle tracking bugs for this issue Affects: fedora-all [bug 646661]
I don't think this affects moodle in Fedora currently, since as of 1.9.9-2, we use system phpCAS.
(In reply to comment #5) > I don't think this affects moodle in Fedora currently, since as of 1.9.9-2, we > use system phpCAS. You're right, I see that in the spec now. I'll fix the tracking bug then. Thank you. For reference: #use system php-pear-CAS rm -rf $RPM_BUILD_ROOT/var/www/moodle/web/auth/cas ln -s /usr/share/pear/ $RPM_BUILD_ROOT/var/www/moodle/web/auth/cas ... * Thu Aug 19 2010 Jon Ciesla <limb> - 1.9.9-2 - Switch to system php-pear-CAS, BZ 577467, 620772.
GLPI also use, for a while, system phpCAS (php-pear-CAS-1.1.3 is available in the repositories). Except in EPEL-4, but I think I'm going to remove this oudated version (not maintained, and which can't be updated because of php 5 dep.) From spec: > # Use system lib > rm -rf lib/phpcas
(In reply to comment #7) > GLPI also use, for a while, system phpCAS (php-pear-CAS-1.1.3 is available in > the repositories). > > Except in EPEL-4, but I think I'm going to remove this oudated version (not > maintained, and which can't be updated because of php 5 dep.) And Fedora 12. This change was made in Fedora 13. 0.72.4-2.svn11035.fc12 still has an embedded phpCAS. In fact, the last changelog entry on that one: * Mon Mar 22 2010 Remi Collet <> - 0.72.4-2.svn11035 - update embedded phpCAS to 1.1.0RC7 (security fix - #575906)
I must apologize... I was thinking I have push this update in all branch :( glpi-0.72.4-3.svn11497 is now in f12 and f13 (updates pending) glpi-0.71 have been retired from el4 (ticket pending)
Fantastic. Thank you, Remi.