[CVE-2007-6110] Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6

Bug #172277 reported by Stephan Rügamer
Affects          Status         Importance   Assigned to     Milestone
htdig (Debian)   Fix Released   Unknown
htdig (Ubuntu)   Fix Released   Undecided    William Grant
  Dapper         Invalid        Undecided    William Grant
  Edgy           Fix Released   Undecided    William Grant
  Feisty         Fix Released   Undecided    William Grant
  Gutsy          Fix Released   Undecided    William Grant
  Hardy          Fix Released   Undecided    William Grant

Bug Description

Binary package hint: htdig

Vulnerability Summary CVE-2007-6110
Original release date: 11/23/2007
Last revised: 11/26/2007
Source: US-CERT/NIST

Overview

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6

Access Vector: Network exploitable, Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification

References to Advisories, Solutions, and Tools

External Source:

Hyperlink: http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibb

Adam Spain (adamspain) wrote :

Your link is broken. I think this one should work (and is what that one was meant to be):

http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev

William Grant (wgrant)
Changed in htdig:
assignee: nobody → fujitsu
status: New → In Progress
William Grant (wgrant) wrote :

htdig (1:3.2.0b6-3.1ubuntu1) hardy; urgency=low

  * SECURITY UPDATE: Cross-site scripting via crafted sort type. (LP: #172277)
  * htsearch/Display.cc, libhtdig/ResultFetch.cc: Don't display the sort type
    if it is unrecognised.
  * References:
    CVE-2007-6110

 -- William Grant <email address hidden> Sat, 01 Dec 2007 17:53:32 +1100

Changed in htdig:
status: In Progress → Fix Released
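
The fix pattern named in the changelog above (don't display the sort type if it is unrecognised), as an added C++ sketch that is not the htdig patch or the project's code. The function names, the sort names in the table and the message wording are assumptions for illustration.

```cpp
#include <iostream>
#include <string>

// Sort names below are assumed for this sketch, not copied from the htdig source.
enum SortType { SORT_SCORE, SORT_TIME, SORT_TITLE };
struct SortChoice { SortType type; bool reverse; };
struct SortName { const char* name; SortChoice choice; };

static const SortName kSortNames[] = {
    {"score", {SORT_SCORE, false}}, {"revscore", {SORT_SCORE, true}},
    {"time",  {SORT_TIME,  false}}, {"revtime",  {SORT_TIME,  true}},
    {"title", {SORT_TITLE, false}}, {"revtitle", {SORT_TITLE, true}},
};

// Exact-match allowlist lookup; returns false for anything unrecognised.
bool parseSort(const std::string& raw, SortChoice& out) {
    for (const SortName& s : kSortNames) {
        if (raw == s.name) { out = s.choice; return true; }
    }
    return false;
}

// "Before" pattern: the request value is copied into the HTML error unmodified,
// so markup in the sort parameter becomes part of the page.
std::string sortErrorReflecting(const std::string& raw) {
    return "<p>Unrecognised sort type: " + raw + "</p>";
}

// "After" pattern, as in the changelog: the unrecognised value is never displayed.
// Returns an empty string when the value is valid and no error is needed.
std::string sortErrorFixed(const std::string& raw) {
    SortChoice ignored;
    if (parseSort(raw, ignored)) return "";
    return "<p>Unrecognised sort type.</p>";
}

int main() {
    const std::string crafted = "<script>1</script>";  // constructed sample input
    std::cout << "before: " << sortErrorReflecting(crafted) << "\n"
              << "after:  " << sortErrorFixed(crafted) << "\n";
    return 0;
}
```
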
William Grant (wgrant) wrote :

It would seem that Dapper's does not display the error message containing the vulnerability.

Changed in htdig:
status: In Progress → Invalid
Kees Cook (kees) wrote :

Thanks for preparing this! I've uploaded it to the security queue; it should be published shortly.

Changed in htdig:
status: In Progress → Fix Committed
William Grant (wgrant) wrote :

htdig (1:3.2.0b6-3.1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via crafted sort type. (LP: #172277)
  * htsearch/Display.cc, libhtdig/ResultFetch.cc: Don't display the sort type
    if it is unrecognised.
  * References:
    CVE-2007-6110

 -- William Grant <email address hidden> Sat, 01 Dec 2007 18:21:48 +1100

William Grant (wgrant) wrote :

htdig (1:3.2.0b6-3ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via crafted sort type. (LP: #172277)
  * htsearch/Display.cc, libhtdig/ResultFetch.cc: Don't display the sort type
    if it is unrecognised.
  * References:
    CVE-2007-6110

 -- William Grant <email address hidden> Sat, 01 Dec 2007 18:31:46 +1100

Changed in htdig:
status: Fix Committed → Fix Released
William Grant (wgrant)
Changed in htdig:
status: Fix Committed → Fix Released
Changed in htdig:
status: Unknown → Fix Released