Re: [Bug 1964710] Re: XSS vulnerability in row_create

2022-05-22 Thread Nicholas Guriev
Hello! I have tested the fixes in a virtual machine and here are the
results.

The current version in Impish does not work at all; version
1.9.8.2-1ubuntu0.21.10.1 fixes the problems and is not
vulnerable to the XSS in the newRows parameter. 👍

The current version for Focal is vulnerable, and 1.9.8.2-1ubuntu0.20.04.1
fixes the issue. 👍

Although the version in Bionic, 1.9.7.1-1ubuntu0.1, has the XSS flaw through
the POST parameter 'num', it is hardly exploitable because of CSRF
protection. An attacker needs to somehow know a token before he could
inject malicious code. In fact, I found another problem with the current
version: the file /etc/apache/conf-available/phpliteadmin.conf contains a
"Depends: php7.0" magic comment that is blocking it from automatic
activation by the postinst script. It would be great to replace the digit
7.0 with 7.2. Since the original issue is mitigated, let me propose one
more one-liner fix. 🤔

** Patch added: "phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff"
   https://bugs.launchpad.net/bugs/1964710/+attachment/5592042/+files/phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964710

Title:
  XSS vulnerability in row_create

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1964710] Re: XSS vulnerability in row_create

2022-05-16 Thread Marc Deslauriers
Hi Nicholas,

We are still awaiting the results of testing for the packages in the
security team PPA...


[Bug 1964710] Re: XSS vulnerability in row_create

2022-05-02 Thread Mathew Hodson
** Changed in: phpliteadmin (Ubuntu)
   Importance: Undecided => Medium

** Changed in: phpliteadmin (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: phpliteadmin (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: phpliteadmin (Ubuntu Impish)
   Importance: Undecided => Medium

** Changed in: phpliteadmin (Ubuntu Jammy)
   Importance: Undecided => Medium


[Bug 1964710] Re: XSS vulnerability in row_create

2022-04-12 Thread Steve Beattie
This was fixed in Jammy (Ubuntu 22.04 LTS pre-release) in phpliteadmin
1.9.8.2-2, closing that task.

** Changed in: phpliteadmin (Ubuntu Jammy)
   Status: New => Fix Released


[Bug 1964710] Re: XSS vulnerability in row_create

2022-04-07 Thread Marc Deslauriers
ACK on the debdiffs in comments #1 and #2. I did add the CVE number to
the changelog though, to make it easier to track.

I've uploaded packages to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Could you please give them a try? Once they have been tested, we will
publish them.

Thanks!


[Bug 1964710] Re: XSS vulnerability in row_create

2022-04-07 Thread Marc Deslauriers
** Also affects: phpliteadmin (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: phpliteadmin (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: phpliteadmin (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: phpliteadmin (Ubuntu Impish)
   Importance: Undecided
   Status: New


[Bug 1964710] Re: XSS vulnerability in row_create

2022-03-16 Thread Nicholas Guriev
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46709


[Bug 1964710] Re: XSS vulnerability in row_create

2022-03-13 Thread Nicholas Guriev
** Description changed:

  On 21 August 2021, it was publicly reported a little XSS vulnerability
  in the phpLiteAdmin script packaged in Ubuntu. The following versions of
  the phpliteadmin package are affected.
  
-  * 1.9.8.2-1 echoes GET parameter newRows to HTML with no properly
-escaping nor conversion.
-  * 1.9.7.1-1ubuntu0.1 does similar with POST parameter num.
+  * 1.9.8.2-1 echoes GET parameter newRows to HTML with no properly
+    escaping nor conversion.
+  * 1.9.7.1-1ubuntu0.1 does similar with POST parameter num.
+ 
+ Upstream bug report:
+ https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability

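
As an added illustration of the defect described in this bug (example code, not phpLiteAdmin's own; the function names and the request array are assumptions), the unescaped echo of a row-count parameter next to a validated, escaped version:

```php
<?php
// Added illustration (not phpLiteAdmin's own code) of the defect the bug
// describes: a row-count parameter (newRows / num) echoed into HTML
// unescaped, next to a hardened version. Function and variable names
// are assumptions made for this example.

// Constructed sample input standing in for $_GET['newRows']: a value that
// closes the attribute the parameter is echoed into and adds markup.
$constructedRequest = ['newRows' => '1"><b>injected</b>'];

// Vulnerable pattern: the raw parameter is concatenated straight into
// an attribute, so a crafted value escapes the attribute context.
function vulnerableRowCreateField(array $req): string
{
    $n = $req['newRows'] ?? '1';
    return '<input type="text" name="num" value="' . $n . '">';
}

// Hardened pattern: validate the value as a bounded positive integer
// (a row count is never anything else), then still escape on output;
// ENT_QUOTES makes the result safe inside a quoted attribute.
function hardenedRowCreateField(array $req): string
{
    $n = filter_var(
        $req['newRows'] ?? '1',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100, 'default' => 1]]
    );
    $safe = htmlspecialchars((string) $n, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="num" value="' . $safe . '">';
}

// Simple self-check: the hardened output must not carry the injected tag.
$unsafe = vulnerableRowCreateField($constructedRequest);
$safe   = hardenedRowCreateField($constructedRequest);
echo "vulnerable: $unsafe\n";
echo "hardened:   $safe\n";
if (strpos($safe, '<b>') !== false) {
    fwrite(STDERR, "hardened output still contains markup\n");
    exit(1);
}
```

The validation step alone already neutralises the reported input; the output escaping is kept as defence in depth for any other string the template echoes.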

[Bug 1964710] Re: XSS vulnerability in row_create

2022-03-13 Thread Nicholas Guriev
** Patch added: "phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+attachment/5568398/+files/phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff

** Information type changed from Public to Public Security


[Bug 1964710] Re: XSS vulnerability in row_create

2022-03-13 Thread Nicholas Guriev
** Patch added: "phpliteadmin_1.9.8.2-1ubuntu0.20.04.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+attachment/5568397/+files/phpliteadmin_1.9.8.2-1ubuntu0.20.04.1.debdiff
