[horde] About xss.php security problem (CVE-2008-3824) - question.
Jan Schneider
jan at horde.org
Mon Sep 22 15:31:28 UTC 2008
Quoting k bah <kbah at linuxmail.org>:
>
> Hi,
>
> I'm using Horde 3.1.7 and IMP 4.1.6.
> Regarding http://www.ocert.org/advisories/ocert-2008-012.html:
>
> - CVE-2008-3823 (MIME/MIME/Contents.php) - I'm not vulnerable to
> this one, right?
> - CVE-2008-3824 (Text_Filter/Filter/xss.php) - I'm vulnerable to this one.
>
>
> I wanna know if just applying this patch:
>
> --------- patch ---------------
>
>
> Index: xss.php
> ===================================================================
> RCS file: xss.php,v
> retrieving revision 1.1.2.8.2.2
> diff -u -r1.1.2.8.2.2 xss.php
> --- xss.php 18 May 2008 11:15:48 -0000 1.1.2.8.2.2
> +++ xss.php 19 Aug 2008 22:05:53 -0000
> @@ -95,7 +95,7 @@
> $patterns[$preg] = '\1\8' . $this->_params['replace'];
>
> /* Get all on<foo>="bar()". NEVER allow these. */
> - $patterns['/([\s"\']+' .
> + $patterns['/([\s"\'\/]+' .
> '(o|�*79;?|�*4f;?|�*111;?|�*6f;?)' .
> '(n|�*78;?|�*4e;?|�*110;?|�*6e;?)' .
> '\w+)[^=a-z0-9"\'>]*=/i'] = '\1' .
> $this->_params['replace'] . '=';
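Review bot: the leading separator class on the changed line, `[\s"\'\/]+`, is still an enumerated list, and nothing in the hunk records why `/` joined it. The comment above it ("NEVER allow these") should state that a slash directly before an on<foo> attribute name has to be treated like whitespace or a quote, so a later edit does not drop it again. A regression test that feeds the filter an on<foo>= attribute preceded by `/` and asserts it is replaced would lock the fix in, and the other patterns in this file that key on a preceding separator deserve the same check.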
>
> --------- patch ---------------
>
> is enough to fix the security issue mentioned on CVE-2008-3824.
Yes.
> I applied the patch to lib/Horde/Text/Filter/xss.php and the
> original file and the fixed one differ as follows:
>
> --------------
>
> server:/srv/www/htdocs/horde/testing-patch # diff xss.php xss.php.orig
> 98c98
> < $patterns['/([\s"\'\/]+' .
> ---
>> $patterns['/([\s"\']+' .
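Review bot: the operands are reversed in `diff xss.php xss.php.orig`, so the `<` line is the patched pattern and the `>` line is the original. Running it as `diff -u xss.php.orig xss.php` gives output in the same direction as the advisory's patch, which makes it easy to confirm that line 98 is the only change.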
>
> --------------
>
> where xss.php.orig is Horde's original file (Horde version 3.1.7)
> and xss.php is the file patched with the above patch. I got that
> patch from http://www.ocert.org/advisories/ocert-2008-012.html
> (Text_Filter.31.patch).
How is this different?
> Do I have to update to Horde 3.2.2 or is this enough?
That's enough.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/