[Secure-testing-team] Bug#504170: CVE-2008-4796: missing input sanitising in Snoopy.class.php
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Nov 1 11:11:56 UTC 2008
Package: mahara
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mahara.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote attackers to execute arbitrary commands via
| shell metacharacters in https URLs. NOTE: some of these details are
| obtained from third party information.
The extracted patch for Snoopy.class.php can be found here[1]. However
it would be much appreciated (and it is a release goal anyway), if
you could just depend on libphp-snoopy, instead of duplicating the code.
(Maybe you need to change some includes, I didn't check that).
That would make life much easier for the security team.
>From what I can see you have two small patches in your copy of
Snoopy.class.php. However, if I am not mistaken, both could probably
go into the libphp-snoopy package, so please talk to the maintainer,
if you really depend on them.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
http://security-tracker.debian.net/tracker/CVE-2008-4796
[1] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch
More information about the Secure-testing-team
mailing list