[horde] About xss.php security problem (CVE-2008-3824) - question.
k bah
kbah at linuxmail.org
Mon Sep 22 13:48:22 UTC 2008
Hi,
I'm using Horde 3.1.7 and IMP 4.1.6.
Regarding http://www.ocert.org/advisories/ocert-2008-012.html:
- CVE-2008-3823 (MIME/MIME/Contents.php) - I'm not vulnerable to this one, right?
- CVE-2008-3824 (Text_Filter/Filter/xss.php) - I'm vulnerable to this one.
I wanna know if just applying this patch:
--------- patch ---------------
Index: xss.php
===================================================================
RCS file: xss.php,v
retrieving revision 1.1.2.8.2.2
diff -u -r1.1.2.8.2.2 xss.php
--- xss.php 18 May 2008 11:15:48 -0000 1.1.2.8.2.2
+++ xss.php 19 Aug 2008 22:05:53 -0000
@@ -95,7 +95,7 @@
$patterns[$preg] = '\1\8' . $this->_params['replace'];
/* Get all on<foo>="bar()". NEVER allow these. */
- $patterns['/([\s"\']+' .
+ $patterns['/([\s"\'\/]+' .
'(o|�*79;?|�*4f;?|�*111;?|�*6f;?)' .
'(n|�*78;?|�*4e;?|�*110;?|�*6e;?)' .
'\w+)[^=a-z0-9"\'>]*=/i'] = '\1' . $this->_params['replace'] . '=';
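Review bot: On the changed line in the @@ -95,7 +95,7 @@ hunk, the comment above it (Get all on<foo>="bar()". NEVER allow these.) does not explain why "/" now joins whitespace and quotes in the leading character class. Extend that comment to say that a slash directly before the attribute name is treated as a separator as well. Please also add a regression test that runs the filter on an on<foo>= attribute preceded by "/", so the class is not narrowed again by a later edit. The Index: and RCS file: headers name only xss.php with no directory, so the patch description should state the path the file lives at in the tree.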
--------- patch ---------------
is enough to fix the security issue mentioned in CVE-2008-3824.
I applied the patch to lib/Horde/Text/Filter/xss.php and the original file and the fixed one differ as follows:
--------------
server:/srv/www/htdocs/horde/testing-patch # diff xss.php xss.php.orig
98c98
< $patterns['/([\s"\'\/]+' .
---
> $patterns['/([\s"\']+' .
--------------
where xss.php.orig is Horde's original file (Horde version 3.1.7) and xss.php is the file patched with the above patch. I got that patch from http://www.ocert.org/advisories/ocert-2008-012.html (Text_Filter.31.patch).
Do I have to update to Horde 3.2.2 or is this enough?
thanks